skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/cwicr-crew-optimizer/Gen Agent Trust Hub
cwicr-crew-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data formats (CSV, Excel, JSON) for crew optimization, creating a potential surface for indirect prompt injection. Ingestion points: The cwicr_data parameter in the CWICRCrewOptimizer class and various user-provided files (CSV, Excel, JSON). Boundary markers: Instructions specify that the agent should validate inputs, but no explicit delimiters or "ignore instructions" markers are implemented in the code. Capability inventory: The skill possesses file system write capabilities via the pandas.ExcelWriter in the export_crew_plan method. Sanitization: No explicit sanitization, escaping, or filtering of untrusted input data is performed before processing or interpolation into agent logic.\n- [SAFE]: The skill implements legitimate construction-specific optimization logic using standard mathematical operations and data science libraries. All code is transparent and the file system operations (writing reports to Excel) are consistent with the skill's stated purpose and declared permissions.
Audit Metadata