skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/rfi-management/Gen Agent Trust Hub
rfi-management
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats detected. The skill follows standard project management patterns for data logging and reporting.
- [DATA_EXFILTRATION]: Although the skill metadata requests network permissions, the provided Python code does not perform any network operations. The network capability appears to be intended for external integrations like the n8n workflow described in the documentation.
- [COMMAND_EXECUTION]: The skill uses the file system to read and write Excel logs and generate text reports. These operations are restricted to the project's data storage requirements and do not involve executing shell commands or arbitrary code.
- [PROMPT_INJECTION]: The skill processes external data (Excel, CSV) which represents a potential ingestion point for untrusted content.
  - Ingestion points: The `_load_rfis` method in `SKILL.md` reads data from Excel files into the agent's context.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
  - Capability inventory: The skill has the ability to read and write to the file system using the `pandas` library.
  - Sanitization: There is no evidence of input validation or sanitization on the text fields of the RFI records before they are processed.
Audit Metadata