skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/etl-pipeline/Gen Agent Trust Hub
etl-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from Excel, PDF, and API sources which could potentially contain malicious instructions intended to influence the agent's behavior (Indirect Prompt Injection).
- Ingestion points: The logic defined in
SKILL.md(e.g.,extract_excel_files,extract_from_pdfs, andextract_from_apifunctions) reads data from external files and network locations into the agent's context. - Boundary markers: The instructions in
instructions.mddo not utilize explicit boundary markers or delimiters to isolate the processed data from the system's core instructions. - Capability inventory: The skill possesses filesystem and network permissions, which allow it to read/write local files and communicate with remote APIs using the
requestslibrary. - Sanitization: While the skill includes data cleaning functions like
clean_construction_data, these are designed for data integrity (e.g., handling nulls and types) rather than sanitizing inputs to prevent them from being interpreted as instructions by the underlying LLM.
Audit Metadata