excel-cli
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's functionality is centered on the execution of the
excelclicommand-line utility. It constructs and runs shell commands with various parameters to perform Excel operations. - [EXTERNAL_DOWNLOADS]: Installation instructions include the use of
dotnet tool install --global Sbroenne.ExcelMcp.CLIandnpx skills add sbroenne/mcp-server-excel. These are vendor-provided resources from 'sbroenne'. - [REMOTE_CODE_EXECUTION]: The
vbacommand group allows the agent to import, update, and run VBA procedures (excelcli vba run --procedure-name ...). This enables the execution of arbitrary code within the Excel process on the host machine. - [PROMPT_INJECTION]: Instructions in
SKILL.mdandbehavioral-rules.mddirect the agent to bypass confirmation steps and avoid asking clarifying questions (e.g., 'NEVER Ask Clarifying Questions', 'Execute immediately'). This emphasis on autonomy increases the risk of unintended command execution. - [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface. Untrusted data enters the agent context through ingestion points like
range(get-values)andtable(get-data)(SKILL.md). There are no boundary markers or explicit sanitization processes mentioned. The agent's capability inventory includes subprocess execution, VBA macro running, and file-write operations, creating a risk if the agent obeys instructions embedded in processed Excel files.
Audit Metadata