skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/schedule-cost-link/Gen Agent Trust Hub
schedule-cost-link
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection attacks.\n
- Ingestion points: The instructions.md file indicates the skill processes external data provided in CSV, Excel, and JSON formats.\n
- Boundary markers: No explicit delimiters or instructions are present to prevent the agent from obeying instructions embedded within the processed data.\n
- Capability inventory: The SKILL.md file includes the export_to_excel method, which utilizes filesystem permissions to write data to disk via the pandas ExcelWriter.\n
- Sanitization: There is no evidence of input sanitization to filter out malicious instructions or code fragments from the user-provided datasets.
Audit Metadata