skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/cwicr-overhead-markup/Gen Agent Trust Hub
cwicr-overhead-markup
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements legitimate construction business logic for cost estimation. All calculations are performed using standard Python code and data structures.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill does not access sensitive system paths or credentials. Network operations are absent, and data handling is confined to project-specific estimation files.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns were found. The skill does not download external scripts for execution or use unsafe dynamic execution functions on user input.
- [PROMPT_INJECTION]: The instructional content and metadata are free from behavioral overrides, safety bypasses, or instructions designed to extract system prompts.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface (processing CSV, Excel, and JSON files). While these inputs are technically untrusted, the skill lacks the high-risk capabilities necessary to exploit this vector, such as arbitrary command execution or network exfiltration.
Audit Metadata