skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/portfolio-dashboard/Gen Agent Trust Hub
portfolio-dashboard
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or unauthorized data access patterns were identified.
- [DATA_EXFILTRATION]: The skill requests filesystem access in claw.json to process local data files (CSV, Excel, JSON) as described in its instructions. No evidence of unauthorized file access or data exfiltration logic was found.
- [PROMPT_INJECTION]: The skill processes untrusted user-provided data files, which presents a surface for indirect prompt injection.
  1. Ingestion points: Project data files (CSV, Excel, JSON) referenced in instructions.md.
  2. Boundary markers: None explicitly defined.
  3. Capability inventory: Filesystem access is requested, but no network or subprocess execution capabilities are present in the code.
  4. Sanitization: The instructions mandate input validation, and the implementation uses structured project metrics classes.