skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/nobim-image-generator/Gen Agent Trust Hub
nobim-image-generator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from Excel and IFC files, creating a surface for indirect prompt injection where malicious content within these files could potentially influence the agent's output or subsequent actions. \n
- Ingestion points: NoBIMVisualizer.load_from_excel in SKILL.md reads user-provided Excel files. \n
- Boundary markers: Absent; there are no delimiters or instructions used to separate user data from the agent's internal instructions. \n
- Capability inventory: The skill performs filesystem writes via matplotlib.pyplot.savefig and plotly.express.write_image in SKILL.md. \n
- Sanitization: Absent; the data is processed directly for visualization without validation or filtering of textual content. \n- [EXTERNAL_DOWNLOADS]: The documentation references the installation and use of standard, well-known Python libraries including pandas, matplotlib, seaborn, plotly, ifcopenshell, numpy, and reportlab. \n- [COMMAND_EXECUTION]: The skill performs standard filesystem operations such as reading Excel data files, creating directories, and writing visualization images, which are appropriate for its stated BIM processing functionality.
Audit Metadata