xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection. It is designed to read, analyze, and process data from external spreadsheet files (.xlsx, .csv, .tsv), which are considered untrusted sources.
  - Ingestion points: Data enters the agent's context through functions like `pd.read_excel()` and `load_workbook('existing.xlsx')` as documented in `SKILL.md`.
  - Boundary markers: The instructions lack explicit delimiters or specific warnings for the agent to ignore or isolate instructions that might be embedded within the cell data of the processed spreadsheets.
  - Capability inventory: The skill includes file writing capabilities and the ability to execute local scripts (`scripts/recalc.py`) via the command line.
  - Sanitization: There is no mention of sanitizing or validating the content extracted from the spreadsheets before it is processed or used in further logic.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a local Python script using the command `python scripts/recalc.py <excel_file>`. Although this script is a vendor-provided tool for recalculating formulas via LibreOffice, it constitutes a command execution capability that operates on user-provided files.
Audit Metadata