excel-mcp
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file explicitly commands the agent to 'NEVER Ask Clarifying Questions' and to 'STOP' if it attempts to do so, which functions as a behavioral override of standard safety and clarification logic. The skill is also susceptible to indirect prompt injection as it reads and processes data from external Excel workbooks.
- [COMMAND_EXECUTION]: The skill leverages Windows COM interop to control local Excel instances, allowing for file system operations such as opening, reading, and saving workbooks, as well as managing application window visibility and positioning.
- [REMOTE_CODE_EXECUTION]: Support for VBA macros and Power Query M code provides a mechanism for dynamic code execution within the Excel environment, enabling complex logic to be defined and run as part of the spreadsheet automation.
- [EXTERNAL_DOWNLOADS]: The documentation recommends installation using the npx utility and references external formatting APIs like powerqueryformatter.com for processing M code and DAX measures during development workflows.