spreadsheet
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Privilege Escalation] (HIGH): The SKILL.md file contains instructions for installing system tools with 'sudo apt-get install'. The use of 'sudo' in an automated agent environment is a high-severity risk that could lead to full system compromise if exploited by a malicious actor.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process external spreadsheet data, which may contain embedded instructions.
  1. Ingestion points: Data is read from .xlsx, .csv, and .tsv files using openpyxl and pandas in SKILL.md and read_existing_spreadsheet.py.
  2. Boundary markers: Absent; the skill lacks instructions for using delimiters or ignoring instructions within the ingested data.
  3. Capability inventory: The skill has the ability to write to the file system (openpyxl save) and execute shell commands (soffice and pdftoppm for rendering).
  4. Sanitization: Absent; there is no evidence of validation or escaping for cell data before it is used in logic or commands.
- [External Downloads] (SAFE): The skill installs 'openpyxl', 'pandas', and 'matplotlib' via pip/uv. These are well-known, trusted packages for data analysis, and the installation pattern is standard for the skill's intended purpose.
Recommendations
- AI detected serious security threats
Audit Metadata