spreadsheets
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions require the agent to generate and execute raw JavaScript code in a Node.js environment to perform spreadsheet operations via the preloaded artifact tool surface.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of external workbook files.
- Ingestion points: Data enters the agent context through
FileBlob.loadandSpreadsheetFile.importXlsxas documented inreferences/workbook.md. - Boundary markers: The skill does not include instructions or delimiters to isolate data from potential instructions within the imported spreadsheet files.
- Capability inventory: The execution environment provides access to the local file system through
node:fs/promisesandFileBlob, along with extensive spreadsheet manipulation capabilities via the@oai/artifact-toolpackage. - Sanitization: There is no evidence of content validation, escaping, or filtering for data processed from external workbooks.
Audit Metadata