skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/digital-twin-sync/Gen Agent Trust Hub
digital-twin-sync
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill's implementation aligns with its stated purpose of managing digital twin data.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the 'numpy' and 'websockets' Python packages for data processing and real-time communication. These are well-known technology libraries used for the skill's core functionality.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to its data ingestion capabilities. 1. Ingestion points: Data enters the system via 'DigitalTwinCore.import_from_ifc', 'TwinSynchronizer._process_message', and MQTT feeds in 'SKILL.md'. 2. Boundary markers: No explicit markers or instructions to ignore embedded prompts are used for external data. 3. Capability inventory: The skill does not use high-risk functions such as subprocess execution, 'eval', 'exec', or arbitrary file writes. 4. Sanitization: The skill performs standard JSON parsing but does not include additional sanitization or verification of ingested content.
Audit Metadata