The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as its primary purpose is processing untrusted Excel data which is then read into the agent's context.
Ingestion points: Data from untrusted .xlsx or .xls files is processed by scripts/convert.py and the resulting CSV output is read into the agent's context as described in SKILL.md (Phase 3).
Boundary markers: The instructions do not define specific delimiters or directives for the agent to ignore potentially malicious instructions embedded within the cell contents of the processed data.
Capability inventory: The agent is granted Bash, Read, and Write permissions, and is explicitly directed to use tools like awk and sed to repair CSV files based on structural error logs (SKILL.md, Phase 2).
Sanitization: While scripts/verify_csv.py performs structural linting for jagged rows and empty files, it does not validate or sanitize the textual content of the data for safety.
[SAFE]: The 'Tainted Context Cleanser' rule in SKILL.md provides a mitigation against context-filling attacks by limiting the volume of data the agent can read at once (truncating to 50 lines).
[SAFE]: The convert.py script implements a sanitize_sheet_name function that prevents path traversal vulnerabilities by filtering illegal characters from sheet names used in file creation.

excel-to-csv