openai-spreadsheet
Audited by Gen Agent Trust Hub on Feb 12, 2026
================================================================================
🔴 VERDICT: HIGH
This skill presents a HIGH security risk primarily due to a clear prompt injection attempt and instructions for privilege escalation. The skill's SKILL.md file contains a directive that attempts to override the AI's internal safety guidelines. Furthermore, it explicitly instructs users to install system packages using sudo, granting elevated privileges which could be exploited. The use of pip install for Python dependencies also introduces a risk of executing unverified external code. Finally, an example script demonstrates reading arbitrary spreadsheet content and printing it to standard output, which could lead to unintended data exposure.
Total Findings: 4
🔴 HIGH Findings:
• Prompt Injection
  - SKILL.md:14: IMPORTANT: System and user instructions always take precedence.
  - This instruction attempts to override the AI's internal guidelines, a classic prompt injection pattern.
• Privilege Escalation
  - SKILL.md:60: sudo apt-get install -y libreoffice poppler-utils
  - The use of sudo grants elevated privileges, which is a significant security risk as it allows system-wide changes.
🟡 MEDIUM Findings:
• Unverifiable Dependencies / External Downloads
  - SKILL.md:48: uv pip install openpyxl pandas
  - Instructions to install external Python packages via pip or uv introduce a dependency on unverified code. While openpyxl and pandas are legitimate, the mechanism itself can be exploited if a malicious package is substituted or if the packages themselves contain vulnerabilities. This also applies to python3 -m pip install openpyxl pandas, uv pip install matplotlib, and python3 -m pip install matplotlib.
🔵 LOW Findings:
• Potential Data Exposure
  - references/examples/openpyxl/read_existing_spreadsheet.py:50: print(values)
  - The script reads content from an arbitrary .xlsx file and prints it to standard output. While not direct exfiltration to a remote server, printing arbitrary file content could lead to data leakage if the output is captured or logged in an insecure environment.
ℹ️ TRUSTED SOURCE References:
• None directly applicable for downgrading findings, as the identified issues are related to the skill's own instructions and code execution patterns, not solely to downloads from trusted sources.
================================================================================