excel-report-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill instructions in SKILL.md are focused on functional report generation. There are no hidden instructions to override agent behavior or bypass safety guardrails.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths (like ~/.ssh or .env) were found. The skill operates on local data files as intended and does not perform network requests to external domains.
- Obfuscation (SAFE): All code and documentation are in plain text. No encoded strings, zero-width characters, or homoglyphs are present.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill relies on standard, trustworthy Python packages like pandas and openpyxl. It does not download or execute remote scripts via curl or wget.
- Indirect Prompt Injection (LOW): The skill is designed to process external data (CSVs, Excel templates), which is a theoretical ingestion surface. However, the logic is limited to data formatting and writing, with no signs of executing content derived from those data sources as instructions.
- Persistence & Privilege Escalation (SAFE): There are no commands related to sudo, system service modification, or the creation of startup scripts.
Audit Metadata