fix-xml-globals
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes XML and JavaScript files from the target project to identify and fix linter errors. This represents an indirect prompt injection surface where maliciously crafted content in these files could potentially influence the agent's actions. \n
- Ingestion points: Ingests content from XML views, fragments, and JavaScript formatter files (e.g.,
scripts/__fixtures__/*.js,webapp/**/*.xml).\n - Boundary markers: None identified; there are no instructions to wrap or delimit untrusted content.\n
- Capability inventory: Executes local Node.js scripts (
scripts/verify-this-bind.js) and performs file read/write operations via the agent.\n - Sanitization: No explicit sanitization or validation of file paths or function names is performed before passing them as arguments to the verification script.\n- [COMMAND_EXECUTION]: The skill requires the execution of a local Node.js utility,
scripts/verify-this-bind.js, to perform static analysis of the codebase. This script is used to verify the usage of 'this' context in UI5 formatters to determine if '.bind($control)' is required in the XML views.
Audit Metadata