excel-automation
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Executes arbitrary commands within the Microsoft Excel environment, including running VBA macros via
wb.macro()and modifying application-level settings likeapp.display_alerts = False. This allows the skill to bypass standard user warnings during automation. - [REMOTE_CODE_EXECUTION]: The skill operates by generating and executing dynamic Python scripts at runtime to interact with Excel instances. This core functionality allows the agent to execute code it creates based on user prompts, which is a powerful but sensitive capability.
- [EXTERNAL_DOWNLOADS]: Requires the installation of external dependencies such as
xlwings,pandas,numpy, andmatplotlib. It also facilitates the installation of a persistent Excel add-in usingxlwings addin install, which modifies the user's Excel environment across sessions. - [PROMPT_INJECTION]: Presents a vulnerability to indirect prompt injection where malicious instructions embedded in Excel files could influence the agent's behavior. Evidence:
- Ingestion points:
sheet['A1'].valueandtable.data_body_range.valueinSKILL.md. - Boundary markers: No delimiters or instructions to ignore data content are present in the processing logic.
- Capability inventory: File system write access (
wb.save), VBA execution (wb.macro), and live Excel process control. - Sanitization: None provided for data read from spreadsheets before processing.
- [DATA_EXFILTRATION]: Accesses the local file system for reading and writing Excel workbooks, including directory iteration using
Path().glob(). This creates a risk of unintended data exposure if the agent is directed to process sensitive directories.
Audit Metadata