skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/rvt-to-excel/Gen Agent Trust Hub
rvt-to-excel
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
subprocess.runmethod to invoke an external utility namedRvtExporter.exe. The commands are constructed using a list of arguments, which is a secure practice that prevents shell injection attacks. - [EXTERNAL_DOWNLOADS]: The documentation refers users to the vendor's official GitHub repository (
github.com/datadrivenconstruction/) to acquire theRvtExporter.exeexecutable required for the skill to function. - [PROMPT_INJECTION]: The skill processes data from external Revit (.rvt) and Excel (.xlsx) files. This represents an indirect prompt injection surface where malicious data inside a BIM file could potentially influence the agent's behavior during analysis. However, this is a standard risk for any data processing skill and is mitigated by the structured nature of the data extraction.
Audit Metadata