spreadsheet
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious intent, obfuscation, or unauthorized activities were detected. The skill follows established patterns for file processing and data analysis.
- [COMMAND_EXECUTION]: The skill instructs the agent to use
soffice(LibreOffice) andpdftoppm(Poppler) to render spreadsheets into visual formats for user verification. This is a primary feature of the skill and is restricted to its documented purpose. - [EXTERNAL_DOWNLOADS]: The documentation suggests installing standard, widely-used Python packages (
openpyxl,pandas,matplotlib) and system utilities required for its rendering functionality. - [PROMPT_INJECTION]: The skill processes untrusted data from external spreadsheet files, which is a known surface for indirect prompt injection.
- Ingestion points:
openpyxl.load_workbook(seen inread_existing_spreadsheet.py) and various pandas loading functions referenced inSKILL.md. - Boundary markers: None; the skill does not explicitly implement delimiters to separate data from instructions within the spreadsheets.
- Capability inventory: File system access (read/write) and system command execution for file rendering.
- Sanitization: No sanitization or validation of spreadsheet content is performed before processing.
Audit Metadata