Skills
NYC
skills/spillwavesolutions/automating-mac-apps-plugin/automating-excel/Gen Agent Trust Hub

automating-excel

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): Unsanitized file path interpolation in AppleScript generation.\n
  • Evidence: scripts/export_excel_to_csv.py and scripts/create_excel_spreadsheet.py use f-strings to build AppleScript strings for execution via osascript. If a file path contains a double quote, it can terminate the intended string literal and execute arbitrary AppleScript or shell commands.\n- [PROMPT_INJECTION] (HIGH): Significant Indirect Prompt Injection vulnerability surface.\n
  • Ingestion points: Data is read from external CSV files and Excel worksheets in scripts/import_csv_to_excel.py and references/excel-recipes.md.\n
  • Capability inventory: The skill can execute AppleScript, modify files, and trigger Excel VBA macros using Excel.run.\n
  • Sanitization/Boundaries: No boundary markers or sanitization are implemented for the ingested data, allowing malicious instructions to potentially influence the agent or execute local macros.\n- [EXTERNAL_DOWNLOADS] (MEDIUM): Use of an unverifiable dependency. The skill utilizes the PyXA library, which is not provided by a trusted organization as defined in the security policy.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 03:34 AM