wps-excel
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a functional automation tool for WPS Office. Its use of MCP tools to read and write spreadsheet data is consistent with its stated purpose.
- [PROMPT_INJECTION]: The skill ingests data from external workbooks, creating an attack surface for indirect prompt injection.
- Ingestion points: Reads workbook metadata and cell data via wps_get_active_workbook and getRangeData in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: Modifies data, sets formulas, and manages sheets via wps_execute_method in SKILL.md.
- Sanitization: The skill relies on 'Security Principles' defined in the instructions, requiring user confirmation and backup reminders for significant operations rather than technical sanitization.
Audit Metadata