Excel Automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires a connection to a remote MCP server at 'https://rube.app/mcp'. This domain is not included in the pre-approved trusted organizations list (e.g., Microsoft, Google, Anthropic). Users must trust the security and availability of the rube.app infrastructure.
- PROMPT_INJECTION (LOW): Potential for Indirect Prompt Injection. The skill is designed to read and process data from external spreadsheets, which can be controlled by third parties. It lacks explicit instructions for the agent to ignore any embedded commands within spreadsheet cells.
- Ingestion points: Data read from spreadsheets via 'GOOGLESHEETS_BATCH_GET'.
- Boundary markers: Absent. The skill does not provide delimiters or instructions to treat cell content strictly as data.
- Capability inventory: Significant file creation and write permissions on OneDrive and Google Drive ('EXCEL_CREATE_WORKBOOK', 'GOOGLESHEETS_BATCH_UPDATE', 'GOOGLESHEETS_UPSERT_ROWS').
- Sanitization: Absent. The agent is encouraged to use retrieved data to 'inform subsequent write or update operations' without validation.
Audit Metadata