excel-inspector
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection via attacker-controlled Excel files.
- Ingestion points: The script reads cell values, headers, and full VBA source code modules in excel_structure_utils.py and vba_extractor.py.
- Boundary markers: The output is a structured JSON file, but there are no internal delimiters or warnings for the agent to treat the content of the data fields as untrusted.
- Capability inventory: The agent is explicitly instructed to use this data to understand workbooks before generating or modifying Python and VBA code, which could lead to code generation guided by instructions hidden within the Excel data.
- Sanitization: No sanitization, escaping, or filtering is performed on the extracted strings before they are presented to the agent.
Audit Metadata