excel-parser

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: In scripts/excel_parser.py, the install_dependency function uses subprocess.check_call to execute pip install commands. This allows the skill to modify the system environment at runtime through shell execution.
  • [EXTERNAL_DOWNLOADS]: The ExcelParser class in scripts/excel_parser.py is configured to automatically download and install well-known libraries from the Python Package Index if they are not detected during initialization.
  • [PROMPT_INJECTION]: The skill processes content from external Excel files and incorporates it into the agent's context via the parse_excel_to_text method in scripts/excel_parser.py. It lacks robust sanitization to prevent the agent from following instructions potentially embedded within worksheet cells.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 02:21 AM