Skills
skills/openaec-foundation/computational-design-day-delft-march-2026/ifcos-impl-profiles/Gen Agent Trust Hub

ifcos-impl-profiles

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface. The skill provides implementation patterns that ingest untrusted data from external IFC files, which could potentially be manipulated to influence agent logic.
  • Ingestion points: Usage of ifcopenshell.open("existing_model.ifc") in references/examples.md to load external BIM models.
  • Boundary markers: Absent from the provided code templates.
  • Capability inventory: Examples demonstrate the ability to perform file system writes via model.write() and modify model entities.
  • Sanitization: No sanitization or validation of model metadata is implemented in the examples.
  • [COMMAND_EXECUTION]: The skill uses ifcopenshell.api.run(), which is the standard programmatic dispatcher for the IfcOpenShell library. This pattern is internal to the library's architecture and does not represent arbitrary shell command execution.
  • [EXTERNAL_DOWNLOADS]: The skill documentation identifies dependencies on the ifcopenshell and numpy Python packages. These are industry-standard, well-known libraries for architectural engineering and numerical data processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 01:56 AM