skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/bim-consistency-checker/Gen Agent Trust Hub
bim-consistency-checker
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing external data files.
- Ingestion points: User-provided BIM data, CSV, Excel, and JSON files as defined in
instructions.mdand processed by theBIMConsistencyCheckerclass inSKILL.md. - Boundary markers: The instructions lack explicit delimiting (e.g., using XML tags or triple quotes) for untrusted data and do not provide instructions for the AI to ignore potentially malicious commands within that data.
- Capability inventory: The skill possesses
filesystempermissions as defined inclaw.json, allowing for potential file system interaction triggered by malicious input data. - Sanitization: The provided Python implementation performs logical validation (regex matching) but does not sanitize the input content to prevent downstream interpretation by the AI agent.
Audit Metadata