csv-excel-merger
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
- Ingestion points: Untrusted data enters the agent context during the 'Analyze Input Files' and 'Inspect File Structures' steps (SKILL.md, Steps 1 & 2), where headers and data types are read directly from user-provided files.
- Boundary markers: Absent. The instructions do not specify any delimiters or special handling to separate data content from the agent's internal logic.
- Capability inventory: The skill leverages pandas for file read/write operations and instructs the agent to 'Generate Code' (SKILL.md, Step 7), providing a functional path for an injector to execute unauthorized file system actions.
- Sanitization: Absent. There are no instructions to escape or validate the content of CSV/Excel cells before they are processed by the agent.
- [COMMAND_EXECUTION] (MEDIUM): The skill generates and executes Python code (using pandas) to perform its primary function. While intended for data processing, the ability to read and write arbitrary files on the system presents a significant risk if the generation logic is compromised by malicious input data.
Recommendations
- AI detected serious security threats
Audit Metadata