skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/resource-leveler/Gen Agent Trust Hub
resource-leveler
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted project data files (CSV, Excel, JSON), which creates a potential surface for indirect prompt injection attacks where malicious instructions could be hidden in data fields.
- Ingestion points: Project data files and file paths processed according to the methods in SKILL.md.
- Boundary markers: The instructions and implementation do not include explicit delimiters or safety markers to isolate processed data from the agent's instruction context.
- Capability inventory: The skill requests filesystem access to read project data; logic is focused on data manipulation with no detected network operations or subprocess execution.
- Sanitization: No explicit logic is implemented to sanitize or validate input data for embedded prompts or instructions.
Audit Metadata