skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/xml-reader/Gen Agent Trust Hub
xml-reader
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted XML data which presents a surface for indirect prompt injection.
- Ingestion points: Methods
parse_fileandparse_stringinSKILL.mdallow external XML content to enter the agent context. - Boundary markers: No delimiters or isolation instructions are present to prevent the agent from executing instructions found within the XML fields.
- Capability inventory: The skill is granted
filesystempermissions and usespandasfor data structuring, allowing it to read and process local files. - Sanitization: The implementation uses the standard
xml.etree.ElementTreelibrary, which is vulnerable to XXE and Billion Laughs attacks; no sanitization or safer alternatives likedefusedxmlare employed.
Audit Metadata