excel-data-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted content from Excel files and presents it to the AI agent in a report, creating an attack surface for indirect prompt injection.\n
- Ingestion points: Excel files (.xlsx, .xls) are processed by scripts referenced in SKILL.md.\n
- Boundary markers: The report template (assets/report-template.md) lacks specific delimiters or markers to isolate cell data from the surrounding markdown report structure.\n
- Capability inventory: The skill uses Bun to run a TypeScript script that writes to the local filesystem; the resulting reports are consumed by the AI to provide cleaning recommendations.\n
- Sanitization: No explicit sanitization or filtering of cell content is described in the provided logic or documentation.
Audit Metadata