xlsx-processing-openai
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill documentation suggests installing Python packages (openpyxl, pandas, matplotlib) and system tools (libreoffice, poppler) from official repositories. As the author is a trusted organization, the risk is classified as low per trust rules.\n- Privilege Escalation (LOW): The installation instructions for system dependencies involve the use of
sudo apt-get. This is documented as necessary for the spreadsheet rendering feature and is considered low risk given the trusted source and the skill's primary purpose.\n- Indirect Prompt Injection (LOW): The skill processes data from untrusted spreadsheet files which could contain malicious instructions or formulas.\n - Ingestion points: Loading .xlsx, .csv, and .tsv files via
openpyxlandpandaswithin the workflow and example scripts (e.g.,read_existing_spreadsheet.py).\n - Boundary markers: Absent. No delimiters or specific instructions are provided to the agent to treat cell content purely as data.\n
- Capability inventory: The skill can execute system commands for rendering (soffice), write files (wb.save), and perform data analysis.\n
- Sanitization: Absent. The skill does not implement automated sanitization of cell content or formulas, relying instead on manual visual review.
Audit Metadata