skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/bim-validation-report/Gen Agent Trust Hub
bim-validation-report
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing external data files (CSV, Excel, JSON) provided by users. Maliciously crafted data within these files could attempt to influence the agent's subsequent actions.
- Ingestion points:
instructions.mdandSKILL.mdspecify that the agent should accept and process project data from user-provided file paths or direct inputs. - Boundary markers: The instructions lack explicit delimitation or 'ignore embedded instructions' directives when the agent reads external file content.
- Capability inventory: The skill utilizes
pandasandopenpyxlfor filesystem operations, including reading BIM data and writing Excel reports. - Sanitization: No specific sanitization or filtering logic is present to identify or neutralize natural language instructions embedded within the data fields of the BIM models.
Audit Metadata