skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/cwicr-schedule-integrator/Gen Agent Trust Hub
cwicr-schedule-integrator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill performs local file operations, including reading CSV/Parquet files and writing Excel reports. These operations are aligned with the 'filesystem' permission declared in the configuration and are necessary for the skill's primary function of cost-schedule integration.
- [INDIRECT_PROMPT_INJECTION]: This skill possesses an attack surface for indirect prompt injection because it processes untrusted data from external CSV files.
- Ingestion points: The
import_schedule_from_csvmethod inSKILL.mdreads user-provided schedule and work item files. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: The skill has filesystem read/write capabilities via the
pandasandopenpyxllibraries. - Sanitization: The skill relies on standard
pandas.read_csvparsing and does not implement additional sanitization or validation of input strings before they are used in calculations or potentially reflected in the agent's output.
Audit Metadata