skills/firecrawl/skills/spreadsheet/Gen Agent Trust Hub

spreadsheet

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires executing system-level commands for file processing and environment setup. This includes 'soffice' for PDF conversion, 'pdftoppm' for image generation, and 'brew' or 'apt-get' for package management.
  • [COMMAND_EXECUTION]: The instructions include the use of 'sudo' for installing system dependencies, which constitutes a privilege escalation surface. Evidence: 'sudo apt-get install -y libreoffice poppler-utils' in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the installation of several external dependencies. This includes Python packages (openpyxl, pandas, matplotlib) and system packages (libreoffice, poppler-utils).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of untrusted spreadsheet data.
      • Ingestion points: Reads .xlsx, .csv, and .tsv files (SKILL.md).
      • Capability inventory: Subprocess execution (soffice, pdftoppm) and file system writes.
      • Boundary markers: Absent; no instructions to ignore embedded commands.
      • Sanitization: Absent; no documented validation of input data content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 08:24 PM