excel-variance-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via untrusted spreadsheet data. Ingestion points: The skill processes budget and actual results from external spreadsheets (SKILL.md). Boundary markers: No delimiters or instructions to ignore embedded commands are present. Capability inventory: Access to Bash (cmd:*), Read, Write, and Edit tools (SKILL.md). Sanitization: No data validation or sanitization is described.
- [COMMAND_EXECUTION]: The skill requests high-privilege tool access in its metadata. Evidence: SKILL.md lists 'Bash(cmd:*)' in allowed-tools, which permits the execution of any shell command.
- [NO_CODE]: The provided skill files contain documentation, READMEs, and markdown templates only; no functional code or scripts are included in the package.
Audit Metadata