excel-lbo-modeler
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's metadata contains deceptive information. The author is listed as 'ClaudeCodePlugins' with an email address at 'claudecodeplugins.io', which does not align with the provided developer account 'jeremylongshore'. This use of a misleading identity can lead to misplaced trust in the skill's origin.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it requires gathering multiple inputs from the user (Target name, EBITDA, growth rates) via the
AskUserQuestiontool to populate Excel sheets. This processed data is untrusted. - Ingestion points: Transaction inputs collected in 'Step 1' via
AskUserQuestion. - Boundary markers: There are no instructions to use delimiters or to treat the gathered strings strictly as data to prevent the execution of embedded instructions.
- Capability inventory: The skill has access to
Write,Edit, andBash(npx:*)tools, providing capabilities for file system modification and potentially executing external Node.js packages. - Sanitization: No sanitization or safety checks for the string-based inputs are described beyond basic numeric validation for financial figures.
Audit Metadata