The Agent Skills Directory

[Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected. Natural instructional language regarding formula accuracy is present but benign.
[Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface for indirect prompt injection because it ingests untrusted data from external files.
Ingestion points: Excel files are read via pd.read_excel() and load_workbook() in SKILL.md.
Boundary markers: None identified; there are no delimiters or warnings to ignore instructions within the spreadsheet data.
Capability inventory: The skill can read/write local files and perform complex data processing, but lacks network access or system command execution capabilities.
Sanitization: No sanitization or validation of the content of the Excel cells is implemented before processing.
[Unverifiable Dependencies] (SAFE): The skill utilizes standard, well-known libraries (pandas, openpyxl, xlrd) from established registries. No suspicious remote execution or piped installation patterns were found.
[Data Exposure & Exfiltration] (SAFE): Interactions are limited to local file operations required for the skill's primary purpose. No network exfiltration or hardcoded credentials were detected.

xlsx