Skills
skills/thinkfleetai/thinkfleet-engine/excel-automation/Gen Agent Trust Hub

excel-automation

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the xlwings library from the public PyPI registry. This is a well-known and standard library for Excel automation.
  • [COMMAND_EXECUTION]: The skill utilizes the xlwings CLI to install an Excel add-in (xlwings addin install) and provides functionality to execute VBA macros (wb.macro()) within Excel workbooks. These operations are core to the skill's purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external Excel workbooks and can execute embedded VBA code.
  • Ingestion points: Instructions and examples in SKILL.md demonstrate reading data from worksheets (sheet.value) and opening existing workbooks (xw.Book).
  • Boundary markers: The skill does not provide specific boundary markers or instructions to ignore embedded malicious instructions in the Excel data.
  • Capability inventory: The skill has access to code_execution (Python), file_operations, and the ability to execute VBA macros (wb.macro()).
  • Sanitization: No sanitization of the data read from Excel cells or the macro names/code is implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 05:14 AM