The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): The skill is highly susceptible to indirect prompt injection because it reads untrusted content from Excel files and has the capability to modify the local file system.\n
Ingestion points: The skill uses XlsxPopulate.fromFileAsync in SKILL.md and several example files (examples/quotation-editor.js, examples/basic-usage.js) to load user-provided Excel workbooks into the agent context.\n
Boundary markers: Absent. There are no delimiters or instructions to the agent to ignore potentially malicious instructions embedded within cell data.\n
Capability inventory: The skill has file-write capabilities via the toFileAsync method and directory creation capabilities using fs.mkdirSync in examples/quotation-editor.js.\n
Sanitization: Absent. Data read from Excel cells is used directly in logic and re-written to files without validation or escaping.\n- [Unverifiable Dependencies] (MEDIUM): The skill requires the installation of the xlsx-populate package (version ^1.21.0) from the npm registry as specified in package.json. While this is a standard library for Excel processing, it is an external dependency from an untrusted source that is executed by the agent.\n- [Command Execution] (LOW): The package.json file defines scripts that execute Node.js code to run examples. These examples perform file system operations like reading from and writing to local paths (./data/, ./output/).

processing-excel-files