spreadjs
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the `hsx` command-line utility for workbook operations, including `hsx eval`, which executes arbitrary JavaScript code strings to interact with the spreadsheet environment.
- [EXTERNAL_DOWNLOADS]: The setup process involves downloading and installing the `@hewliyang/headless-spreadjs` package from the NPM registry. This package is managed by the skill's author.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface, as it reads data from external Excel workbooks which could contain malicious instructions.
  - Ingestion points: Workbook data is read via the `hsx get`, `hsx csv`, and `hsx info` commands.
  - Boundary markers: Absent. The instructions do not specify delimiters to separate data from commands.
  - Capability inventory: The agent can create/delete files, modify workbook structures, and execute JavaScript via the `hsx` toolset.
  - Sanitization: Absent. Content from spreadsheet cells is processed without validation for embedded instructions.
Audit Metadata