xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill is sourced from 'anthropics/skills', which is a verified and trusted repository.
- [DATA_EXFILTRATION] (SAFE): Operations are limited to local file reading and writing of spreadsheet formats (.xlsx, .csv). No network activity, non-whitelisted domain requests, or sensitive system file access (e.g., SSH keys, AWS credentials) were detected.
- [COMMAND_EXECUTION] (SAFE): The code snippets use standard library functions for data manipulation. There are no instances of arbitrary command execution, shell spawning (subprocess.run), or privilege escalation attempts.
- [INDIRECT_PROMPT_INJECTION] (LOW): This skill defines an attack surface by ingesting untrusted data from external spreadsheet files.
- Ingestion points:
pd.read_excel()andload_workbook()in SKILL.md. - Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore instructions embedded within the spreadsheet data.
- Capability inventory: Limited to local file read/write. No network access or dynamic execution (eval/exec) capabilities are present in the provided scripts.
- Sanitization: Not present in the snippets; the skill relies on the underlying libraries (pandas/openpyxl) to handle file parsing.
Audit Metadata