skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/project-closeout-checklist/Gen Agent Trust Hub
project-closeout-checklist
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-supplied project data in formats such as CSV, Excel, and JSON to track closeout items, which constitutes an indirect prompt injection surface.
- Ingestion points: Data enters the agent's context through user-provided files or direct input as outlined in
instructions.md. - Boundary markers: The prompt lacks explicit delimiters or instructions to the agent to disregard potential commands embedded within the project data.
- Capability inventory: The skill is granted
filesystempermissions inclaw.jsonand utilizes thepandaslibrary inSKILL.mdto perform file write operations (to_excel). - Sanitization: The provided Python implementation does not include sanitization or validation routines for the content of the imported data.
Audit Metadata