skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/enterprise-risk-aggregator/Gen Agent Trust Hub
enterprise-risk-aggregator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implementation consists of pure Python logic using standard libraries (math, statistics, random) to perform risk calculations. No malicious patterns such as obfuscation, credential theft, or unauthorized network communication were detected.
- [COMMAND_EXECUTION]: The skill requires Python3 but does not use subprocess or shell execution to run system commands. All processing is handled within the provided Python classes.
- [DATA_EXPOSURE]: The skill requests
filesystempermission viaclaw.jsonto allow the agent to read and process construction project data provided by the user (CSV, Excel, JSON). There is no evidence of attempts to access sensitive system paths or exfiltrate data. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external project data. While it includes instructions for the agent to validate input data, it does not define specific boundary markers for untrusted content. However, given the skill's lack of outbound network capabilities or dynamic code execution, the risk of a successful indirect injection attack is minimal.
Audit Metadata