skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/change-order-processor/Gen Agent Trust Hub
change-order-processor
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection through data ingestion.
- Ingestion points: User-provided CSV, Excel, and JSON data as described in instructions.md.
- Boundary markers: Absent; no specific delimiters are defined to isolate untrusted data from the agent's instructions.
- Capability inventory: File system access via pandas.ExcelWriter in SKILL.md allows writing files to disk.
- Sanitization: Absent; the implementation lacks input validation to sanitize data from external files.
Audit Metadata