Skills
skills/aws-samples/sample-strands-agent-with-agentcore/excel-spreadsheets/Gen Agent Trust Hub

excel-spreadsheets

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of dynamically generated Python code through the create_excel_spreadsheet and modify_excel_spreadsheet tools. This code is generated by the agent based on user instructions and utilizes specific libraries such as openpyxl, pandas, and numpy to interact with spreadsheet data.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it reads external content from spreadsheet files that may influence future agent actions or code generation.
  • Ingestion points: Data from external spreadsheets is ingested via the read_excel_spreadsheet and preview_excel_sheets tools.
  • Boundary markers: There are no specified delimiters or instructions to the agent to disregard instructions embedded within spreadsheet data.
  • Capability inventory: The skill allows the agent to execute Python code snippets and perform file system operations (list, read, write) via the provided toolset.
  • Sanitization: The instructions do not define any sanitization or validation processes for the contents of the spreadsheets before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 02:12 PM