xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill documents methods for ingesting untrusted data from external spreadsheet files, which represents an attack surface for indirect prompt injection.
- Ingestion points: SKILL.md examples demonstrate reading from files via load_workbook('data.xlsx'), pd.read_excel('data.xlsx'), and XLSX.readFile('data.xlsx').
- Boundary markers: Absent; the examples do not include instructions for the agent to ignore potentially malicious content within the data cells.
- Capability inventory: Demonstrates file read/write operations using standard libraries. No arbitrary command execution or network exfiltration patterns are present in the provided snippets.
- Sanitization: Absent; the code snippets represent basic functionality without data validation or sanitization layers.
Audit Metadata