xlsx-design-agent

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes subprocess.run to execute AppleScript via osascript, enabling interaction with the host operating system and Microsoft Excel.
  • [COMMAND_EXECUTION] (MEDIUM): VBA code is dynamically generated and executed using the do Visual Basic command within AppleScript. The implementation in applescript-patterns.md uses string interpolation, creating a potential surface for script injection if untrusted data is processed.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill depends on standard third-party Python packages including openpyxl, Pillow, and pandas, which must be installed via pip.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): An automated scanner (URLite) flagged a phishing URL (com.app) associated with the skill, suggesting potential risks in components of the skill not visible in the current snippets.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:33 PM