excel-artisan
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external HTML and JSON data, creating a surface for indirect prompt injection.
- Ingestion points: Data is ingested from files via the --input and --distill arguments in src/index.ts.
- Boundary markers: No delimiters or instructions are used to prevent the agent from executing instructions embedded in the data.
- Capability inventory: The skill has file-writing capabilities through fs.writeFileSync and ExcelJS.
- Sanitization: Parsing is done via JSDOM and JSON.parse without content sanitization.
- [DATA_EXFILTRATION]: The skill uses validateFilePath for input sources but fails to apply it to the output path from the --out argument. This oversight could allow writing files to sensitive or unauthorized locations.
Audit Metadata