xlsx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) as it is designed to process external untrusted data.
  - Ingestion points: Processes .xlsx, .xlsm, .csv, and .tsv files through libraries like pandas and openpyxl.
  - Boundary markers: Absent. The instructions do not specify delimiters or warnings for the agent to ignore embedded instructions within spreadsheet cells or metadata.
  - Capability inventory: The skill allows for file creation, modification, and data analysis which can be manipulated by malicious inputs within the processed files.
  - Sanitization: Absent. There is no mention of filtering or escaping content from external data sources before processing or re-incorporating it into the agent context.
- COMMAND_EXECUTION (MEDIUM): The verification section requires the execution of a local script (node .claude/scripts/sfc_lint.mjs).
  - Evidence: The verification.how_to_verify field explicitly instructs the user to run a node process on a script provided within the skill directory, which could lead to local command execution if the script is modified or malicious.
Recommendations
- AI detected serious security threats
Audit Metadata