lbo-model
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a local script at /mnt/skills/public/xlsx/recalc.py to validate and recalculate formulas in the Excel model. This is a functional requirement for ensuring the financial model's integrity.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it reads and processes external Excel files provided by users. This surface allows untrusted content to be introduced into the agent's context.
  - Ingestion points: User-provided .xlsx templates and the standard LBO_Model.xlsx file.
  - Boundary markers: Absent; there are no instructions for the agent to ignore or delimit instructions found within cell content.
  - Capability inventory: Modification of Excel workbooks via Office JS, file system writes via openpyxl, and local command execution.
  - Sanitization: No mechanisms are provided to sanitize or validate text content within the processed spreadsheets.