skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/ontology-mapper/Gen Agent Trust Hub
ontology-mapper
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection through the ingestion of untrusted construction data.\n
- Ingestion points: The
map_fieldandmap_schemamethods inSKILL.mdingest strings (field names and values) from user-provided construction project schemas.\n - Boundary markers: The skill logic does not utilize explicit delimiters or 'ignore embedded instructions' warnings when processing data during ontology mapping.\n
- Capability inventory: According to
claw.json, the skill is grantedfilesystempermissions, which allow for reading and writing data on the host system.\n - Sanitization: While
instructions.mddirects the agent to 'Validate inputs before processing', the reference implementation inSKILL.mdlacks programmatic sanitization or escaping mechanisms for the interpolated data strings.
Audit Metadata