NYC

data-office-pro

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The scripts read_excel.py and read_pptx.py extract content from office documents and output it directly to the agent's context without isolation.
    • Ingestion points: filepath parameter in read_excel.py and read_pptx.py.
    • Boundary markers: Absent. The data is printed directly to stdout as raw text, markdown, or JSON.
    • Capability inventory: read_excel.py and read_pptx.py have read access to the filesystem; build_pptx.js has write access for generating the PPTX output.
    • Sanitization: None. Text and table data are extracted verbatim from the files and passed to the agent.
  • Dynamic Execution (LOW): build_pptx.js uses Playwright for handling HTML content. If the input HTML is sourced from an untrusted location, rendering it in a browser context exposes the system to browser-based attacks such as Local File Disclosure or SSRF via the browser instance, although no explicit malicious code is present in the provided scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:36 PM