skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/cwicr-quantity-matcher/Gen Agent Trust Hub
cwicr-quantity-matcher
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs data processing using the pandas and numpy libraries. It does not contain any code for executing arbitrary shell commands or unauthorized subprocesses.
- [DATA_EXFILTRATION]: Analysis of the Python implementation shows no network-related imports or functions (e.g., requests, urllib, sockets). Data remains within the local environment provided by the user.
- [PROMPT_INJECTION]: The provided instructions are strictly task-oriented, focusing on BIM quantity matching and cost estimation. No bypass techniques or role-play injection patterns were found. Regarding indirect prompt injection, the skill ingests BIM data from local files; however, it lacks high-risk capabilities like shell execution and applies type validation to quantities, mitigating potential exploitation.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any remote downloads of scripts, binaries, or configuration files at runtime. It relies on standard environment dependencies.
Audit Metadata