Skills
skills/intelli-train-ai/skills/xlsx-manipulation/Gen Agent Trust Hub

xlsx-manipulation

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external sources (Excel and CSV files), which creates a potential surface for indirect prompt injection if the files contain malicious instructions.
  • Ingestion points: The skill uses load_workbook() and csv.reader() to import data from external files into the agent's context.
  • Boundary markers: The skill does not specify any delimiters or instructions for the agent to ignore or isolate instructions found within the processed spreadsheet data.
  • Capability inventory: The agent uses file-system access (read/write) and Python code execution capabilities to process and manipulate the spreadsheet data.
  • Sanitization: There is no evidence of input validation, filtering, or sanitization of the content loaded from external files before it is processed.
  • [EXTERNAL_DOWNLOADS]: The documentation references the installation of the openpyxl library via pip and points to its repository on GitHub. These are recognized as well-known and standard development resources.
  • [COMMAND_EXECUTION]: The skill's primary function involves the agent dynamically generating and executing Python code for spreadsheet manipulation, which is consistent with the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 05:19 AM