excel-cli
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the excelcli binary from the author's official GitHub repository (sbroenne/mcp-server-excel) and install it using standard package managers like NuGet. These sources are considered trusted within the scope of the skill's distribution.
- [COMMAND_EXECUTION]: Provides capabilities to import and execute VBA macros and Power Query M-code. These features are documented and intended for complex Excel automation workflows, although they represent a powerful capability if the agent is directed to process untrusted scripts.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface associated with processing external spreadsheet data.
- Ingestion points: Untrusted data enters the agent context via commands like range(get-values), table(get-data), and powerquery(evaluate) as described in SKILL.md and references/powerquery.md.
- Boundary markers: Absent. The skill instructions do not specify the use of delimiters or 'ignore' instructions when the agent reads cell content.
- Capability inventory: The skill has access to the file system (save/open), the ability to execute arbitrary VBA logic, and the ability to run Power Query operations.
- Sanitization: Absent. There are no instructions for validating or escaping content retrieved from worksheets before it is processed by the agent.
- [SAFE]: The skill documents the use of industry-standard third-party formatting services (Dax.Formatter and powerqueryformatter.com) to beautify code. This involves sending DAX and M-code snippets to these APIs, which is noted for transparency and is consistent with common developer practices.
Audit Metadata