excel
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill presents a significant indirect prompt injection surface due to the combination of untrusted data ingestion and file-modification capabilities. 1. Ingestion points: Content is read from external files via
read,cell,from-csv, andfrom-jsoncommands. 2. Boundary markers: The documentation identifies no delimiters or markers to protect against instructions embedded in data. 3. Capability inventory: The skill can modify the file system using commands likewrite,edit, anddelete-sheet. 4. Sanitization: No sanitization or validation of external content is documented. - COMMAND_EXECUTION (LOW): The skill operates by executing a local Python script (
scripts/excel.py) using thepython3command. This is a standard but noteworthy pattern involving host-level execution.
Recommendations
- AI detected serious security threats
Audit Metadata