excel-dcf-modeler
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to malicious instructions embedded in external financial data and industry comparables. 1. Ingestion points: User-provided historical data and industry comparables (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: High-privilege tools allowed including Bash(cmd:*), Write, and Edit. 4. Sanitization: Absent.
- [Command Execution] (HIGH): The manifest in SKILL.md requests the 'Bash(cmd:*)' tool, which permits arbitrary shell command execution. This level of privilege is excessive for generating Excel models and presents a significant risk if the agent's logic is subverted via malicious input.
- [Privilege Escalation] (MEDIUM): Documentation in scripts/README.md specifies that scripts should be made executable and may be run during skill activation, which increases the impact of any script-based injection when used alongside the allowed Bash tool.
Recommendations
- AI detected serious security threats
Audit Metadata