n8n-cost-estimation

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill's implementation in SKILL.md (Step 1) performs unsafe string interpolation to build a shell command. It takes file_path from the node input and inserts it directly into a command string: const command = `RvtExporter.exe "${filePath}" complete bbox`;. This allows for command injection if an attacker provides a filename containing shell metacharacters.
  • [EXTERNAL_DOWNLOADS]: The skill requires several external, proprietary components from the vendor that are not packaged within the skill files, including the RvtExporter.exe CAD converter and the DDC CWICR price database. These represent external binary dependencies that must be manually installed on the host system.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection via BIM data processing.
      • Ingestion points: Element data (Category, Name, and parameters) is extracted from CAD files and processed in SKILL.md (Step 2 and 3).
      • Boundary markers: The LLM classification prompt in SKILL.md (Step 3) lacks delimiters or instructions to ignore embedded commands within the category or items variables.
      • Capability inventory: The skill has permissions for filesystem access (executing RvtExporter.exe) and network access (Qdrant client and LLM communication).
      • Sanitization: There is no evidence of sanitization or validation of the element data before it is interpolated into the prompt, allowing malicious text in a CAD file to influence the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 5, 2026, 04:28 AM