xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and parse untrusted data from external XLSX files, which creates a potential surface for indirect prompt injection. Evidence: 1. Ingestion points: Reading and parsing XLSX files (Workflow 2 and 3 in SKILL.md). 2. Boundary markers: Absent from the provided instructions. 3. Capability inventory: Extracting data, modifying worksheets, and processing cell contents. 4. Sanitization: Not explicitly mentioned in the workflows or best practices.
Audit Metadata