skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/cashflow-forecaster/Gen Agent Trust Hub
cashflow-forecaster
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill acts as a data processor for external files (CSV, Excel, JSON), which constitutes an indirect prompt injection surface.
- Ingestion points: Project data and parameters are ingested from user-provided files or direct input as described in
instructions.md. - Boundary markers: The instructions do not define specific delimiters to isolate user-provided data from agent instructions.
- Capability inventory: The skill utilizes
filesystempermissions (defined inclaw.json) to manage project data and export reports. - Sanitization: No specific input sanitization or structured schema validation is defined in the provided instructions for external data streams.
- [SAFE]: All logic is implemented in a transparent Python class using standard libraries. The skill requires no external dependencies and maintains all operations within the user's provided project context.
Audit Metadata