skills/openaec-foundation/blender-bonsai-ifcopenshell-sverchok-claude-skill-package/bonsai-impl-project/Gen Agent Trust Hub
bonsai-impl-project
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external IFC data, which is an attack surface for indirect prompt injection.
  - Ingestion points: IFC files are loaded via `ifcopenshell.open()` and `bpy.ops.bim.load_project()` in `SKILL.md` and `references/examples.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore instructions within the IFC data are used.
  - Capability inventory: The skill allows writing to the filesystem using `model.write()` and `bpy.ops.bim.save_project()`.
  - Sanitization: No evidence of data sanitization or filtering of input IFC content is present.
- [SAFE]: The skill's primary functionality is secure and well-documented.
  - Standard APIs: It correctly utilizes the high-level `ifcopenshell.api` for all BIM operations, avoiding low-level pitfalls.
  - Authoritative Sources: All external references and source links point to the official IfcOpenShell documentation and GitHub repository.
  - Best Practices: The instructions include specific warnings against invalid project setups and legacy module paths.
Audit Metadata