skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/cost-estimation-resource/Gen Agent Trust Hub
cost-estimation-resource
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The technical implementation in SKILL.md consists of standard Python classes and logic focused on arithmetic calculations for cost estimation. The behavior is consistent with the skill's description and intended use.
- [EXTERNAL_DOWNLOADS]: The skill utilizes 'pandas' and 'openpyxl' libraries. These are industry-standard packages for data science and file handling, sourced from official registries.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests untrusted data (work item names, resource codes) from external DataFrames or lists. Ingestion points: 'load_resources_from_df' and 'calculate_estimate' in SKILL.md. Capability inventory: Includes filesystem write permission for report generation via 'export_to_excel'. Boundary markers: Not implemented. Sanitization: Numeric values are validated through type casting, but string inputs are processed without validation.
Audit Metadata