excel-automation

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill enables the execution of Excel VBA macros via the wb.macro('MacroName')() method. This allows the agent to trigger arbitrary code embedded within Excel workbooks.
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to install the xlwings Python package and its corresponding Excel add-in via pip install xlwings and xlwings addin install.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted Excel files.
      • Ingestion points: The skill reads data from local workbooks using xw.Book() and scans directories for files using Path.glob().
      • Boundary markers: No explicit boundary markers or instructions are provided to the agent to ignore or sanitize embedded macros or data that might contain instructions.
      • Capability inventory: The skill can execute VBA macros, modify files on the local system, and control the Excel application process (e.g., app.quit(), app.display_alerts = False).
      • Sanitization: There is no evidence of sanitization or validation of the Excel file content or macro names before they are processed or executed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 05:17 AM