construction-takeoff

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes well-known and trusted services including Anthropic, Firecrawl, and Supabase to perform its stated functions. These network operations are necessary for the quantity extraction and data logging features described.
  • [CREDENTIALS_UNSAFE]: The skill follows security best practices for secret management. It instructs users to store sensitive keys in environment variables and uses non-sensitive placeholders like 'YOUR_GITHUB_TOKEN' in documentation examples.
  • [COMMAND_EXECUTION]: Documentation for the skill includes a standard curl example for interacting with the GitHub Actions API. This is a routine automation practice and does not involve unsafe command injection or unauthorized execution.
  • [DATA_EXFILTRATION]: The skill logs construction project metadata and calculated costs to a Supabase database. This behavior is a core documented feature for tracking project history and does not constitute unauthorized data exfiltration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 07:20 AM
Security Audit — agent-trust-hub — construction-takeoff