Skills
skills/bighardperson/computer-science-skills-collection/automate-excel/Gen Agent Trust Hub

automate-excel

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements various scripts that perform local file system operations, including reading and writing spreadsheet files (Excel and CSV).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external files.
  • Ingestion points: Multiple scripts (e.g., merge_sheets.py, filter_excel.py, template_fill.py) read untrusted data from user-supplied .xlsx and .csv files.
  • Boundary markers: The skill does not use specific delimiters or instructions to distinguish data from potential embedded instructions within the spreadsheet cells.
  • Capability inventory: The skill possesses the capability to read, transform, and write files to the local disk. It does not have network access or administrative privileges.
  • Sanitization: Although standard libraries like pandas and openpyxl are used for parsing, and placeholder cleanup is performed in template_fill.py, there is no content-level sanitization to prevent an agent from interpreting spreadsheet data as instructions during subsequent processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 01:02 AM
Security Audit — agent-trust-hub — automate-excel