yonbip-workflow-path-table
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script, scripts/md_to_excel.py, to transform markdown data into Excel spreadsheets. This is the core functionality and occurs entirely within the local environment.
- [EXTERNAL_DOWNLOADS]: The skill's Python script identifies a dependency on the openpyxl library, which is a well-known and standard package for spreadsheet processing.
- [PROMPT_INJECTION]: The skill ingests untrusted user input to derive business logic, representing an indirect prompt injection surface.
  - Ingestion points: Natural language descriptions of approval workflows provided by the user.
  - Boundary markers: Absent; the skill does not use explicit delimiters to encapsulate user input during processing.
  - Capability inventory: The skill possesses the ability to execute a local script and perform file system write operations.
  - Sanitization: No explicit input sanitization or filtering of user-provided strings is implemented before they are used to populate the workflow table.
Audit Metadata