xlsx-fix
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [DYNAMIC_EXECUTION]: The script `scripts/fix_excel.py` uses the `zipfile.extractall()` method to unpack Excel files. This function does not natively prevent path traversal attacks. A malicious `.xlsx` file containing members with filenames like `../../etc/passwd` or similar relative paths could be used to write or overwrite files outside of the intended temporary directory when the repair script is run.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted external files and has several exploitable capabilities.
  - Ingestion points: The `fix_xlsx_empty_fills` function in `scripts/fix_excel.py` accepts and processes `.xlsx` files provided via the `filepath` argument.
  - Boundary markers: Absent. The skill does not use delimiters or specific instructions telling the agent to disregard instructions that might be embedded within the Excel metadata or content.
  - Capability inventory: The skill uses `zipfile` for file extraction, `os.walk` for filesystem traversal, `shutil.copy2` for creating backups, and `shutil.rmtree` for directory deletion. Furthermore, `SKILL.md` demonstrates the use of `subprocess.run`.
  - Sanitization: Absent. The script does not validate or sanitize the paths of the zip archive members before extraction, leaving a path traversal vulnerability surface.
- [COMMAND_EXECUTION]: The `SKILL.md` file provides usage examples that encourage the agent to use `subprocess.run` to execute the `fix_excel.py` script. Although the examples pass a list of arguments rather than a shell string (which reduces direct shell injection risk), this still means local system commands are executed on user-provided file paths.
Audit Metadata