1c-devtools-cursor
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the OneScript (
oscript) command-line engine to perform development tasks such as building configuration files, initializing projects, and managing dependencies. This is the intended primary function for 1C development workflows. - [EXTERNAL_DOWNLOADS]: The skill references the official website for the OneScript engine (oscript.io) and retrieves JSON schemas from the Vanessa-opensource GitHub repository. These sources are standard and widely recognized within the 1C development community.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted project data (BSL source code and local configuration files) and has capabilities to execute shell commands.
- Ingestion points: Reads workspace files including
packagedef,env.json, and BSL source files. - Boundary markers: Absent from the provided instructions.
- Capability inventory: Terminal execution via OneScript, file system operations for configuration management, and debug attachment.
- Sanitization: No explicit sanitization of project content is mentioned in the documentation.
Audit Metadata