skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/cwicr-comparison-tool/Gen Agent Trust Hub
cwicr-comparison-tool
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external data.
- Ingestion points: The skill processes user-provided project data from CSV, Excel, and JSON files as specified in
instructions.mdandSKILL.md. - Boundary markers: There are no explicit delimiters or system instructions provided to the agent to ignore or isolate natural language instructions that might be embedded within the project data fields.
- Capability inventory: The skill possesses
filesystempermissions and includes logic to write Excel files to the local system using theexport_comparisonmethod inSKILL.md. - Sanitization: There is no evidence of content sanitization or validation of the input data to ensure that strings do not contain adversarial instructions intended to influence the agent's behavior during analysis.
Audit Metadata