skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/bim-clash-detection/Gen Agent Trust Hub
bim-clash-detection
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through the processing of untrusted BIM model data.
- Ingestion points: Data is loaded from external files via the
load_elementsmethod inSKILL.mdwhich converts element properties into strings for analysis and reporting. - Boundary markers: The skill lacks boundary markers or specific instructions to the agent to isolate element metadata from its own operational logic.
- Capability inventory: The skill is granted
filesystempermissions inclaw.json, which allows it to read and write files based on user/data inputs. - Sanitization: Component attributes such as names, categories, and level descriptions are processed as raw strings without validation or filtering for potential instructional content.
Audit Metadata