spreadsheet
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes well-established and trusted Python libraries including openpyxl and pandas for all core spreadsheet manipulation and data analysis tasks.
- [COMMAND_EXECUTION]: The instructions involve the use of standard command-line utilities such as libreoffice (soffice) and poppler (pdftoppm) specifically for document conversion and visual rendering, which is consistent with the skill's purpose.
- [EXTERNAL_DOWNLOADS]: Software dependencies and system tools are retrieved through standard package managers (uv, pip, apt, brew) and originate from reputable, well-known registries and distributions.
- [SAFE]: Setup instructions include using sudo to install well-known system utilities (libreoffice, poppler), which is a standard procedure for environment preparation and does not constitute a malicious privilege escalation attempt.
- [SAFE]: The skill has an indirect prompt injection surface as it handles untrusted data ingestion from .xlsx, .csv, and .tsv files (SKILL.md). While it relies on structured parsing libraries instead of explicit boundary markers, its capabilities are limited to file writing and rendering via subprocesses, with no automated execution of cell data or logic detected.
Audit Metadata