skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/multi-agent-estimation/Gen Agent Trust Hub
multi-agent-estimation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data including IFC models, PDF drawings, and project spreadsheets, which creates a surface for indirect prompt injection.
- Ingestion points: External file inputs such as 'ifc_path', 'price_db', and drawing files referenced in the instructions and documentation.
- Boundary markers: There are no explicit instructions or delimiters used to separate data from instructions or to warn the agent about embedded prompts.
- Capability inventory: The orchestration logic utilizes filesystem access and network connectivity to manage construction data and interact with vector databases.
- Sanitization: The implementation does not include specific validation or sanitization steps for the content of processed files.
- [EXTERNAL_DOWNLOADS]: The skill documentation specifies several Python package requirements.
- Packages: crewai, langchain-openai, ifcopenshell, pandas, and qdrant-client.
- Status: These are reputable and well-known libraries commonly used for AI agent development and BIM data analysis.
Audit Metadata