xlsx-reader

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to read data from external Excel files and provide the raw output to the agent, creating a significant attack surface for indirect prompt injection.
      • Ingestion points: scripts/read_xlsx.py and scripts/xlsx_to_json.py ingest content from .xlsx files using the openpyxl library.
      • Boundary markers: Absent. The scripts output content as raw Markdown or JSON text without using delimiters or system-level instructions to ignore embedded commands.
      • Capability inventory: The agent is explicitly instructed to execute shell commands (wsl python3 ...) and is encouraged to use 'Write' tools to save the resulting data to the filesystem.
      • Sanitization: Absent. The Python scripts only perform basic string conversion and whitespace stripping (str(value).strip()), failing to escape Markdown syntax or filter for instructional language.
  • Command Execution (MEDIUM): The skill's primary function relies on the agent executing arbitrary shell commands via WSL. If the agent fails to strictly validate the user-provided file path, this could be abused to target sensitive files on the host system or execute unintended scripts.
  • External Downloads (LOW): The skill documentation instructs users to install the openpyxl package from PyPI (pip install openpyxl). While this is a trusted and standard library, the installation of third-party dependencies is an external requirement for the skill's operation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:07 AM