openpyxl
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard Python packages 'openpyxl' and 'pandas' from PyPI, which are the industry standard for spreadsheet manipulation.
- [COMMAND_EXECUTION] (SAFE): Shell commands are restricted to standard package installation via 'pip'. No suspicious subprocess calls or command injections were found.
- [DATA_EXFILTRATION] (SAFE): No network exfiltration or unauthorized file access was detected. The code examples perform local file operations consistent with the skill's stated purpose.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill includes functionality to read external Excel files ('load_workbook').
- Ingestion points: 'load_workbook', 'ws.iter_rows'.
- Boundary markers: Not present in the documentation snippets.
- Capability inventory: File system read/write via openpyxl.
- Sanitization: Not explicitly documented in the provided README. This represents a standard attack surface for any data-processing tool.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata