data-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface.\n
- Ingestion points: The skill processes untrusted spreadsheet data in xlsx, csv, and xls formats (SKILL.md).\n
- Boundary markers: The instructions lack explicit delimiters or instructions to the agent to ignore or isolate embedded prompts within the user-provided data.\n
- Capability inventory: The skill defines the use of MCP tools (read_xlsx, analyze_spreadsheet, etc.) to interpret data contents; however, no direct system command execution or network capabilities are present (SKILL.md).\n
- Sanitization: No validation or sanitization mechanisms are described for mitigating malicious payloads within the data files.\n- [NO_CODE]: The skill is entirely documentation-based and contains no executable scripts, binary dependencies, or remote code patterns.
Audit Metadata