skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/pdf-construction/Gen Agent Trust Hub
pdf-construction
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill extracts and processes text from untrusted external PDF documents, presenting a surface for indirect prompt injection. \n- Ingestion points: Text is extracted in
extract_rfi_data,extract_spec_sections, andsplit_drawing_packageinSKILL.md. \n- Boundary markers: No explicit delimiters or instructions are used to separate extracted content from system instructions. \n- Capability inventory: The skill possesses filesystem access to read/write PDFs and Excel files viapypdf,pdfplumber, andpandas. \n- Sanitization: No validation or sanitization of extracted text is performed before it is processed by the AI.\n- [EXTERNAL_DOWNLOADS]: The skill requires several external Python libraries for its functionality. \n- Evidence: Documentation inSKILL.mdspecifies the installation ofpypdf,pdfplumber,reportlab, andpandasfrom official package registries.
Audit Metadata