The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (SAFE): The skill installs the 'exceljs' library from the NPM registry. This is a legitimate and widely used package for spreadsheet processing.
[PROMPT_INJECTION] (LOW): The skill presents an attack surface for indirect prompt injection because it reads content from external XLSX files. Evidence: 1. Ingestion points: The 'readExcel' function in SKILL.md. 2. Boundary markers: Delimiters are not used to separate untrusted spreadsheet content from agent instructions. 3. Capability inventory: The skill has file system read/write permissions via the ExcelJS workbook API. 4. Sanitization: No evidence of input validation or sanitization of the data read from the Excel files is present.

exceljs