excel-pivot-wizard
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it is designed to ingest and process external tabular data without clear boundary markers or sanitization.
  - Ingestion points: Tabular data sources for pivot table creation (referenced in SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: `Bash(cmd:*)`, `Write`, `Edit`, `Read`, `Grep`, `Glob` (specified in SKILL.md).
  - Sanitization: No validation or escaping logic is defined for the processed content.
- [COMMAND_EXECUTION]: The skill requests unrestricted use of the `Bash` tool (`cmd:*`). While no malicious scripts are included in the package, this represents a high-privilege capability that could be abused if the agent interprets instructions embedded in the source data.
Audit Metadata