office-productivity
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is a markdown-based orchestration guide and contains no executable source code, scripts, or binary files.\n- [PROMPT_INJECTION]: The workflow describes operations for processing and importing untrusted external data, creating an indirect prompt injection surface.\n
- Ingestion points: Phases 2, 3, and 7 describe importing data from spreadsheets, document templates, and database sources.\n
- Boundary markers: No specific delimiters or 'ignore' instructions are provided to the agent to differentiate between data and instructions in the processed files.\n
- Capability inventory: The workflow utilizes external skills such as
libreoffice-calcandxlsx-officialwhich have the capability to read and process file system content.\n - Sanitization: No data sanitization or validation protocols are established within the workflow bundle.
Audit Metadata