excel-spreadsheets
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The `create_excel_spreadsheet` and `modify_excel_spreadsheet` tools accept a `python_code` parameter containing raw Python scripts. This allows the agent to execute code directly, which can lead to arbitrary command execution on the host system if isolation is insufficient.
- [REMOTE_CODE_EXECUTION]: The skill utilizes a dynamic code execution model where scripts are generated and run at runtime. Although the documentation specifies the use of libraries such as `openpyxl` and `pandas`, there is no evidence of technical restrictions to prevent the use of sensitive modules like `os` or `subprocess` to perform unauthorized actions.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes data from external spreadsheet files.
  - Ingestion points: The `read_excel_spreadsheet` and `modify_excel_spreadsheet` tools read data from potentially untrusted `.xlsx` files into the agent's context.
  - Boundary markers: There are no markers or instructions provided to delimit spreadsheet content or to warn the agent against following instructions embedded within the data.
  - Capability inventory: The skill has the capability to list files in the workspace, read/write files, and execute arbitrary Python code.
  - Sanitization: The skill does not perform any validation or sanitization on the data retrieved from external spreadsheets before it is interpreted or used in subsequent operations.