Skills
skills/danielmiessler/personal_ai_infrastructure/Xlsx/Gen Agent Trust Hub

Xlsx

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill directs the agent to 'Load Full PAI Context' by reading a local file ~/.claude/PAI/SKILL.md. This instruction forces the agent to access personal metadata including contact lists and voice IDs before performing tasks.\n- [DATA_EXFILTRATION]: The requirement to read sensitive configuration files from a hidden local directory (~/.claude/) poses a risk of exposing private user data to the AI model's context.\n- [REMOTE_CODE_EXECUTION]: The recalc.py script generates a LibreOffice Basic macro and writes it to the local configuration directory (~/Library/Application Support/LibreOffice/... or ~/.config/libreoffice/...). It then executes this macro, representing a pattern of dynamic code generation and execution.\n- [COMMAND_EXECUTION]: The skill utilizes the subprocess.run function to execute system binaries like soffice and environment-specific timeout tools.\n- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection when processing untrusted spreadsheet data. Evidence Chain:\n
  • Ingestion points: pd.read_excel and load_workbook (SKILL.md)\n
  • Boundary markers: Not implemented\n
  • Capability inventory: recalc.py (command execution) and SKILL.md (file writes)\n
  • Sanitization: Not implemented
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 16, 2026, 03:45 AM