skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/validation-rules-builder/Gen Agent Trust Hub
validation-rules-builder
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The technical implementation in SKILL.md follows standard Python practices for data validation. No suspicious command execution, hardcoded credentials, or obfuscated code were found.
- [PROMPT_INJECTION]: The skill is designed to ingest and process user-provided data (CSV, Excel, JSON), which is an entry point for indirect prompt injection. However, since the skill lacks dangerous capabilities like shell execution or network requests, the risk is negligible.
- Ingestion points: instructions.md specifies that the agent accepts project data in CSV, Excel, and JSON formats.
- Boundary markers: Absent; there are no explicit instructions to the agent to treat data blocks as non-executable text.
- Capability inventory: The skill logic in SKILL.md is limited to regex matching and numeric range checks; no subprocess, eval, or network-capable tools are present.
- Sanitization: The validation engine performs type-casting (float conversion) and regex enforcement which provides basic data sanitization.
Audit Metadata