excel-processor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill possesses a surface for indirect prompt injection as it processes data from external Excel files.
  - Ingestion points: scripts/read_excel.py and scripts/analyze_excel.py extract cell content from workbook objects.
  - Boundary markers: The skill returns data within structured JSON blocks, which provides a technical boundary between the data and the agent's control flow.
  - Capability inventory: Scripts are limited to data extraction and statistical analysis; they do not possess network or shell execution capabilities.
  - Sanitization: Cell values are cast to basic types (string, int, float) but are not explicitly sanitized for embedded instructions.
- Dependency Review (SAFE): The skill relies on 'openpyxl', a well-known and trusted package for handling OpenXML files. The version constraint (>=3.1.0) avoids older versions with known XML processing vulnerabilities.
Audit Metadata