security-review-construction

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user data (CSV, Excel, JSON) for security validation, creating a surface for indirect prompt injection. Malicious instructions could be embedded in project data to influence the agent's behavior. Ingestion points: user-provided project data files mentioned in instructions.md. Boundary markers: Absent. Capability inventory: Filesystem access and Python logic implementation as described in SKILL.md. Sanitization: Absent, beyond a general instruction to validate inputs.
  • [COMMAND_EXECUTION]: The instructions.md file directs the agent to process data using methods described in the SKILL.md documentation. This pattern relies on the agent to interpret and implement logic from documentation snippets at runtime, which is a form of dynamic logic assembly that can lead to unexpected execution results if the agent's interpretation differs from the intended secure implementation.
  • [DATA_EXFILTRATION]: The skill requests filesystem permissions and provides code examples for handling sensitive project information, including financial records, subcontractor PII, and BIM models. While the examples demonstrate secure practices like encryption and pre-signed URLs, the combination of filesystem access and processing sensitive information poses an inherent risk if the agent's logic is subverted by malicious input.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 04:29 AM