xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes external
.xlsxfiles usingpandasandopenpyxl. - Ingestion points:
pd.read_excel()andload_workbook()ingest data from files that could contain malicious instructions. - Boundary markers: None explicitly defined in the prompt instructions to warn the agent about ignoring embedded text in cells.
- Capability inventory: The skill uses
pandasandopenpyxlfor file reading and writing. Nosubprocessorevalcalls are present. - Sanitization: No explicit sanitization of cell content is shown before use, though the primary use case is data analysis rather than instruction following.
Audit Metadata