bonsai-agents-ifc-validator

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No evidence of prompt injection or instruction override patterns were found. The instructional language is strictly limited to defining validation procedures and operational constraints.
  • [DATA_EXFILTRATION]: No network operations or unauthorized data access patterns were detected. All file operations are localized to the IFC models provided for validation within the user's environment.
  • [REMOTE_CODE_EXECUTION]: No remote code execution patterns, such as piping network content to a shell or dynamic loading from untrusted sources, were identified. All dependencies are industry-standard BIM libraries.
  • [OBFUSCATION]: The skill uses clear, plain-text markdown and Python code. No Base64, zero-width characters, or other encoding techniques intended to hide malicious content were found.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes structured IFC data files. While it lacks explicit sanitization for element names or property values displayed in logs, the capability inventory is restricted to read-only validation and reporting, posing no risk of privilege escalation or command execution.
  • [DYNAMIC_EXECUTION]: The skill does not utilize eval(), exec(), or any form of runtime code generation or modification. All logic is statically defined in the provided snippets.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 01:56 AM
Security Audit — agent-trust-hub — bonsai-agents-ifc-validator