skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/5000-projects-analysis/Gen Agent Trust Hub
5000-projects-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external project data in Excel format, which introduces an indirect prompt injection surface if the data contains malicious instructions.
- Ingestion points: The
BIMProjectAnalyzer.load_projectsmethod inSKILL.mdusespd.read_excelto ingest data from user-provided file paths. - Boundary markers: No explicit delimiters are used in the prompt interpolation; however,
instructions.mdincludes a directive to 'Validate inputs before processing'. - Capability inventory: The skill has filesystem read/write capabilities (via
pandasandmatplotlib). It does not have network access or arbitrary command execution capabilities. - Sanitization: The provided code does not explicitly sanitize or escape data extracted from Excel cells before it is processed or potentially presented to the user.
Audit Metadata