skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/capacity-planning/Gen Agent Trust Hub
capacity-planning
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it is designed to ingest and process untrusted external data.
- Ingestion points: The
instructions.mdfile directs the agent to gather and process input data from users in CSV, Excel, and JSON formats. - Boundary markers: There are no explicit instructions to use delimiters or ignore embedded instructions within the processed data files.
- Capability inventory: The
claw.jsonmanifest requestsfilesystempermissions, which are used to read project data and export reports as described in the instructions. - Sanitization: The skill instructions include a general constraint to "Validate inputs before processing," which provides a basic check but does not specify robust sanitization or escaping of external content.
Audit Metadata