Skills
skills/lc2panda/wps-mcp/wps-excel/Gen Agent Trust Hub

wps-excel

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from Excel workbooks, creating a surface for indirect prompt injection.
  • Ingestion points: Data is read using wps_get_cell_value and getRangeData in SKILL.md.
  • Boundary markers: The prompt lacks delimiters to separate user data from instructions.
  • Capability inventory: It can perform actions like deleteRows and deleteSheet via wps_execute_method in SKILL.md.
  • Sanitization: No sanitization logic is defined for the ingested data.
  • [COMMAND_EXECUTION]: The skill uses the wps_execute_method tool to perform operations within WPS Office. This includes powerful capabilities such as deleting sheets, deleting rows, and protecting worksheets with passwords.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 07:47 AM