Skywork Excel

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from user-uploaded documents (Excel, PDF, CSV, Images) which are then analyzed by a backend agent.
    • Ingestion points: User-provided files uploaded via scripts/excel_api_client.py.
    • Boundary markers: Absent; the skill does not implement delimiters or specific instructions to ignore embedded commands within the processed files.
    • Capability inventory: The scripts/excel_api_client.py script provides capabilities to upload files and execute a backend agent that has access to code execution (jupyter_execute) and web search.
    • Sanitization: Absent; no sanitization or validation of the content within the uploaded files is performed before processing.
  • [COMMAND_EXECUTION]: The scripts/skywork_auth.py script uses the subprocess module to execute platform-specific commands (open, start, or xdg-open) to launch the system's web browser during the authentication process.
  • [DATA_EXFILTRATION]: The skill accesses and manages sensitive credentials by reading and writing authentication tokens to ~/.skywork_token in the user's home directory. While this is standard for the vendor's authentication flow, it involves handling sensitive authentication material.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 03:41 AM