excel-sheet
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection via CSV injection techniques.
- Ingestion points: The script `scripts/csv-to-xlsx.py` processes external CSV files provided as input.
- Boundary markers: There are no boundary markers or warnings to the agent to disregard instructions or formulas embedded in the input CSV files.
- Capability inventory: The skill has the ability to write Excel files to the system and interact with spreadsheet MCP tools.
- Sanitization: The script lacks sanitization for formula-triggering characters (e.g., `=`, `+`, `-`, `@`) in the input data, which allows those characters to be written directly into Excel cells as executable content.
Audit Metadata