xlsx-processing
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill facilitates the ingestion of data from external files (Excel, CSV), which represents a standard attack surface for indirect prompt injection if those files contain malicious instructions.
  - Ingestion points: Data is read from external sources using `pd.read_excel()` and `pd.read_csv()` in the patterns provided in `SKILL.md`.
  - Boundary markers: Absent; there are no specific instructions or delimiters used to warn the agent to ignore potential instructions embedded within the spreadsheet data.
  - Capability inventory: The skill includes extensive file system write capabilities (`wb.save`, `df.to_excel`, `df.to_csv`) and data manipulation logic across the file.
  - Sanitization: Absent; the code snippets focus on functionality and performance without implementing content validation or data escaping for external input.
- [SAFE]: The skill uses well-known, trusted libraries (pandas and openpyxl) for spreadsheet processing. The code snippets follow standard development practices and do not include any patterns for exfiltration, persistence, or unauthorized access.