xlsx-code-mode
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing the
witanCLI tool on the local system to interact with Excel files. - [COMMAND_EXECUTION]: It generates and executes dynamic JavaScript code through the
witan xlsx execcommand to perform workbook manipulations. This behavior is the primary intended purpose of the skill and is managed via a vendor-provided sandboxed environment. - [COMMAND_EXECUTION]: The documentation explicitly promotes security best practices by recommending the use of single-quoted heredocs (
<<'WITAN') to mitigate the risk of shell injection when workbook data contains special characters.
Audit Metadata