construction-takeoff
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes well-known and trusted services including Anthropic, Firecrawl, and Supabase to perform its stated functions. These network operations are necessary for the quantity extraction and data logging features described.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices for secret management. It instructs users to store sensitive keys in environment variables and uses non-sensitive placeholders like 'YOUR_GITHUB_TOKEN' in documentation examples.
- [COMMAND_EXECUTION]: Documentation for the skill includes a standard
curlexample for interacting with the GitHub Actions API. This is a routine automation practice and does not involve unsafe command injection or unauthorized execution. - [DATA_EXFILTRATION]: The skill logs construction project metadata and calculated costs to a Supabase database. This behavior is a core documented feature for tracking project history and does not constitute unauthorized data exfiltration.
Audit Metadata