working-with-spreadsheets
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious code, hardcoded credentials, or unauthorized external references were detected. The skill's behavior is consistent with its stated purpose of spreadsheet modeling and data analysis.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill involves ingesting untrusted data from external Excel files, creating a potential surface for indirect prompt injection attacks if the spreadsheet content contains adversarial instructions.
- Ingestion points: Use of
pd.read_excelandload_workbookinSKILL.mdto process external.xlsxfiles. - Boundary markers: Absent; the skill does not include specific delimiters or instructions to ignore embedded commands within the data.
- Capability inventory: File system write access (
wb.save) is demonstrated in multiple examples. - Sanitization: Absent; no logic is provided to sanitize or validate the content of the spreadsheet cells before processing.
Audit Metadata