docs-xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted Excel files, creating an attack surface for indirect prompt injection where malicious instructions could be embedded in spreadsheet cells.
- Ingestion points: The scripts/parse_xlsx.py script reads external .xlsx files provided via command-line arguments.
- Boundary markers: The extracted data is written to CSV and JSON files without delimiters or instructions for downstream LLMs to ignore potential embedded commands.
- Capability inventory: The script uses pandas and openpyxl for file system read and write operations; it does not include network access, arbitrary command execution, or dynamic code evaluation.
- Sanitization: While sheet names are sanitized to ensure valid filenames, the content of spreadsheet cells is converted to strings and written to output files without filtering for instruction-like patterns.
Audit Metadata