skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/big-data-analysis/Gen Agent Trust Hub
big-data-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external files. \n
- Ingestion points: The methods
load_from_parquetandstream_processinSKILL.mdread data from external files provided by the user. \n - Boundary markers: There are no explicit delimiters or instructions to the agent to ignore potentially malicious prompts embedded within the CSV or Parquet data. \n
- Capability inventory: The skill has the ability to read from the filesystem and write results to Excel files via
pd.ExcelWriter. It does not have network access or the ability to execute system commands. \n - Sanitization: No sanitization or content validation is performed on the data fields before they are used in analysis or presented in output tables. \n- [SAFE]: The skill uses well-known and trusted Python libraries (
pandas,openpyxl) for data processing. All file operations are localized to the user-provided paths and are necessary for the skill's primary function. No evidence of obfuscation, hardcoded credentials, or unauthorized network communication was detected.
Audit Metadata