excel-dcf-modeler

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references an external dependency, @negokaz/excel-mcp-server, to provide Excel spreadsheet capabilities. This is a functional requirement for the skill's purpose.
  • [COMMAND_EXECUTION]: The skill configuration allows the use of the Bash(npx:*) tool. This permission is scoped to supporting the Excel MCP server environment.
  • [PROMPT_INJECTION]: The skill incorporates user-provided data into generated models, creating an indirect prompt injection surface.
      • Ingestion points: Company names and financial metrics are collected via AskUserQuestion (SKILL.md).
      • Boundary markers: No explicit delimiters are specified for user data in the model generation process.
      • Capability inventory: Access to filesystem (Read, Write, Edit) and Bash(npx:*) (SKILL.md).
      • Sanitization: Range validation is performed on numeric inputs, but no string sanitization is mentioned.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 01:42 AM