xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from spreadsheet files which creates an indirect prompt injection surface.
- Ingestion points: The agent is instructed to read files using pandas and openpyxl in SKILL.md.
- Boundary markers: No instructions are provided for the agent to use delimiters or boundary markers to separate data from instructions.
- Capability inventory: The skill can write files and execute the LibreOffice binary via the recalc.py script.
- Sanitization: No data sanitization or validation is performed on the ingested content before processing.
Audit Metadata