skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/payment-application-generator/Gen Agent Trust Hub
payment-application-generator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
pandaslibrary to write Excel files to the local file system at paths specified by the user or the agent's logic. This is an intended feature for exporting payment applications. - [PROMPT_INJECTION]: The skill processes external data from CSV, Excel, or JSON formats to generate payment documentation. This creates a surface for indirect prompt injection where malicious instructions embedded in the project data could attempt to influence the agent's behavior.
- Ingestion points: Input data for Schedule of Values (SOV) and progress tracking provided via files (CSV, Excel, JSON).
- Boundary markers: None explicitly implemented in the provided Python logic.
- Capability inventory: File system write access for exporting documentation.
- Sanitization: No specific sanitization or filtering of input strings is shown in the data processing methods.
Audit Metadata