xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill includes functions to ingest data from external Excel workbooks, which creates a theoretical surface for indirect prompt injection if the agent processes cell content as instructions. However, the scope is limited to data manipulation and no dangerous execution capabilities are present in the provided references.
- Ingestion points:
read_workbook,read_sheet, andread_to_dataframeinreferences/REFERENCE.md. - Boundary markers: None specified in the API reference.
- Capability inventory: Restricted to filesystem read/write for Excel formats; no subprocess, network, or dynamic execution identified.
- Sanitization: Not explicitly mentioned for incoming data streams.
- [External Downloads] (SAFE): The skill depends on standard, well-maintained libraries (
pandas,openpyxl) from the Python Package Index (PyPI). No untrusted or suspicious remote sources were identified.
Audit Metadata