Skills
skills/composiohq/awesome-claude-skills/Excel Automation/Snyk

Excel Automation

Warn

Audited by Snyk on Feb 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly retrieves and processes data from arbitrary Google Sheets (e.g., GOOGLESHEETS_BATCH_GET, GOOGLESHEETS_GET_SHEET_NAMES and other GOOGLESHEETS_* tools using a supplied spreadsheetId), which ingests user-generated/untrusted third-party content that the agent reads and acts on.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires an active Rube MCP server connection at https://rube.app/mcp during runtime, and that server will execute toolkit/tool calls (i.e., remote code) which directly drives the agent's actions, so this external URL is a runtime dependency that can execute code.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 13, 2026, 12:19 AM