skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/ifc-to-excel/Gen Agent Trust Hub
ifc-to-excel
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
subprocess.run()within theIFCExporterclass to execute theIfcExporter.exebinary. While the implementation uses a list-based argument structure to mitigate shell injection, the execution of external binaries is a high-privilege operation. - [EXTERNAL_DOWNLOADS]: The documentation and metadata reference external dependencies including
IfcExporter,IfcConvert, andIfcOpenShell. These are external tools required for the skill's functionality, sourced from the vendor's website (datadrivenconstruction.io) or community repositories. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8).
- Ingestion points: Data is ingested from external IFC files via the
IfcExporterand subsequently read from Excel sheets usingpandas.read_excel(e.g., inread_elementsandget_properties). - Boundary markers: No explicit boundary markers or 'ignore' instructions are present when the agent processes the extracted BIM metadata.
- Capability inventory: The skill has
filesystempermissions and the ability to execute subprocesses viasubprocess.run. - Sanitization: There is no evidence of sanitization or filtering for the metadata extracted from the IFC files before it is presented to the agent for analysis.
- [DATA_EXFILTRATION]: The skill requests
filesystempermissions to perform its primary function of reading model files and writing reports. While no network exfiltration was detected, the access level allows reading potentially sensitive BIM data from the local environment.
Audit Metadata