uberization-readiness

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process external data provided by the user, which presents a surface for indirect prompt injection.
      1. Ingestion points: File paths and data provided in CSV, Excel, and JSON formats as per instructions.md.
      2. Boundary markers: No specific delimiters or instructions to ignore embedded commands are provided.
      3. Capability inventory: The skill has filesystem permissions (claw.json) to read project data.
      4. Sanitization: There is no evidence of validation or sanitization of external content before processing.
  • [EXTERNAL_DOWNLOADS]: The documentation contains links to external resources for informational purposes. Evidence: SKILL.md references https://openconstructionestimate.com and the author's domain https://datadrivenconstruction.io. These are informative links and do not involve automated script downloads or remote code execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 04:29 AM