skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/punch-list-manager/Gen Agent Trust Hub
punch-list-manager
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's code and instructions were analyzed for all 10 threat categories. No malicious patterns, such as prompt injection, unauthorized data access, or obfuscation, were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface for indirect prompt injection as it processes external files (CSV, Excel, JSON) provided by the user. 1. Ingestion points: The instructions.md file defines that the agent accepts project data in various common file formats or via direct input from the user. 2. Boundary markers (absent): The provided implementation does not specify explicit delimiters or boundary markers to distinguish between system instructions and data content. 3. Capability inventory: The skill includes file system write capabilities through the export_to_excel method in the PunchListManager class (SKILL.md), which uses pandas to generate Excel files. 4. Sanitization (present): The instructions.md file contains a requirement for the agent to validate all inputs before processing, providing a baseline layer of defense against malicious data.
Audit Metadata