skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/payment-application-processor/Gen Agent Trust Hub
payment-application-processor
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The Python implementation is focused on construction-specific arithmetic and data management. No malicious code patterns, hardcoded credentials, or unauthorized network operations were detected in the source code.
- [PROMPT_INJECTION]: The skill processes external data formats (CSV, Excel, JSON), which represents a vulnerability surface for indirect prompt injection.
- Ingestion points: The instruction file (instructions.md) specifies that the assistant accepts project data in CSV, Excel, and JSON formats.
- Boundary markers: The instructions lack explicit delimiters or guidance to ignore embedded instructions within the processed data.
- Capability inventory: The skill possesses filesystem permissions and performs financial calculations based on provided input.
- Sanitization: No specific sanitization, escaping, or validation routines are defined for the content of the external files.
Audit Metadata