thatopen-agents-model-analyzer

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows secure and efficient practices for BIM data analysis. The instructions focus on legitimate use of the @thatopen/components and web-ifc libraries for architectural and engineering data extraction.
  • [SAFE]: No evidence of prompt injection (Category 1), credential harvesting (Category 2), or malicious obfuscation (Category 3) was found. The code snippets utilize standard library APIs for the AEC (Architecture, Engineering, Construction) industry.
  • [SAFE]: Dependency usage is limited to well-known industry packages (@thatopen/components and web-ifc) that are consistent with the skill's stated purpose and author (OpenAEC-Foundation).
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8).
      • Ingestion points: The skill ingests untrusted external data in the form of IFC (Industry Foundation Classes) models loaded via IfcLoader and processed by FragmentsManager.
      • Boundary markers: There are no explicit boundary markers or 'ignore embedded instructions' warnings provided in the code samples to separate the model data (metadata/properties) from the agent's logic.
      • Capability inventory: The skill possesses capabilities to read file contents, extract property data, and generate analysis reports. It does not perform arbitrary command execution, network exfiltration, or file-system writes outside of standard data processing.
      • Sanitization: Data sanitization is handled by the underlying web-ifc WASM parser and FragmentsManager, which parse structured BIM data into strongly-typed objects. The skill is designed for analytical observation and reporting, which naturally limits the risk of harmful outcomes from poisoned data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 10:23 AM