Excel Analysis
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from Excel spreadsheets, creating a surface for indirect prompt injection.
  - Ingestion points: Data enters the agent context via pd.read_excel() and pd.ExcelFile() calls in SKILL.md.
  - Boundary markers: No delimiters or instructions to ignore data-embedded commands are specified in the examples.
  - Capability inventory: The skill allows for filesystem writes (to_excel), image generation (savefig), and terminal output (print).
  - Sanitization: The provided snippets do not perform validation or sanitization of the spreadsheet content before processing.
Audit Metadata