Skills
skills/richfrem/agent-plugins-skills/excel-to-csv/Gen Agent Trust Hub

excel-to-csv

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Path traversal in script references. The files scripts/convert.py and scripts/verify_csv.py contain relative path strings (../../../scripts/convert.py) that point to locations outside the skill's directory. The skill instructions direct the agent to execute these scripts using python3, which leads to the execution of code from unverified parent directories. Additionally, the requirements.txt file uses a similar traversal (../../requirements.txt), breaking skill encapsulation.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted binary Excel files and displays the extracted CSV content to the agent, creating a vector for embedded instructions to influence agent behavior.\n
  • Ingestion points: Processes .xlsx and .xls files provided by users via the convert.py script (file: SKILL.md).\n
  • Boundary markers: Absent. The instructions do not provide delimiters or "ignore embedded instructions" warnings for the agent when reading the extracted CSV data.\n
  • Capability inventory: The skill possesses Bash, Read, and Write permissions, and performs subprocess calls (file: SKILL.md), allowing a successful injection to potentially execute shell commands or modify the workspace.\n
  • Sanitization: Absent. No filtering or sanitization is performed on the data extracted from the spreadsheet cells before it is displayed in the agent's context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 9, 2026, 06:49 PM