skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/productivity-analyzer/Gen Agent Trust Hub
productivity-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes untrusted user-provided data and maintains filesystem write access.
- Ingestion points: The import_from_dataframe method in SKILL.md ingests data from external DataFrames which are typically sourced from CSV or Excel files.
- Boundary markers: There are no explicit delimiters or instructions within the processing logic to sequester data from potential instructions.
- Capability inventory: The skill has filesystem write permissions and utilizes the export_analysis method in SKILL.md to write reports using pandas.ExcelWriter.
- Sanitization: The risk is reduced through explicit type conversion to float, int, and date formats during the data import process, which prevents the interpretation of complex malicious payloads as commands.
Audit Metadata