The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill processes external Excel files (.xlsx, .xls), providing a vector for malicious instructions to be embedded within spreadsheet data and subsequently processed by the agent.\n- Ingestion points: Untrusted data enters the context via the --input flag in the scripts/excel_handler.py tool.\n- Boundary markers: There are no documented boundary markers or instructions to ignore embedded commands within the processed files.\n- Capability inventory: The skill has the capability to read from and write to the local file system using Python scripts.\n- Sanitization: No evidence of sanitization or content validation for spreadsheet cells is provided in the documentation.

excel-handler