skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/as-built-tracker/Gen Agent Trust Hub
as-built-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill requires a Python 3 environment to execute the document tracking logic defined in
SKILL.md. This is a standard requirement for the skill's intended data processing functions. - [DATA_EXFILTRATION]: The skill requests
filesystempermissions inclaw.json. This permission is utilized by theexport_to_excelmethod to save project tracking reports to a user-specified path. The analysis confirmed that no network operations or unauthorized file access patterns are present. - [PROMPT_INJECTION]: The skill features an indirect prompt injection surface as it ingests untrusted data via the
import_document_listmethod inSKILL.md(Ingestion points). While the skill lacks explicit boundary markers or input sanitization (Sanitization), its capabilities are restricted to data aggregation and local file system writes for Excel exports (Capability inventory). The risk is considered low and consistent with standard data processing tools.
Audit Metadata