spreadsheet
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Privilege Escalation (HIGH): The 'SKILL.md' file instructs users to use `sudo apt-get install` for system dependencies (libreoffice, poppler-utils), which grants root-level access during setup.
- Indirect Prompt Injection (HIGH): The skill is designed to process external, untrusted data which presents a high risk for indirect injection.
  * Ingestion points: Reads `.xlsx`, `.csv`, and `.tsv` files via `openpyxl.load_workbook` (seen in `read_existing_spreadsheet.py`) and `pandas`.
  * Boundary markers: None identified; instructions do not specify delimiters or warnings to ignore embedded content within cells.
  * Capability inventory: The skill can create directories (`mkdir`), write files (`wb.save`), and execute system commands (`soffice`, `pdftoppm`) as seen in `SKILL.md` and example scripts.
  * Sanitization: None identified; cell content is processed and potentially used in further logic or rendered without filtering.
- External Downloads (LOW): The skill requires multiple external dependencies (pandas, openpyxl, matplotlib, libreoffice, poppler). While these are from trusted repositories, the installation happens at runtime or setup. [TRUST-SCOPE-RULE] Applied: Severity downgraded from MEDIUM to LOW because the author 'openai' is a recognized trusted organization.
- Command Execution (MEDIUM): The workflow in 'SKILL.md' utilizes shell commands (`soffice --headless`, `pdftoppm -png`) to convert and render documents. This creates a risk if filenames or sheet content are not properly sanitized before being passed to the shell.
Recommendations
- AI detected serious security threats
Audit Metadata