sheetsmith

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/sheetsmith.py calls pandas.DataFrame.eval() and pandas.DataFrame.query() with engine="python" in the run_transform and run_filter functions. pandas parses the expression string with its own expression parser rather than Python's built-in eval(), but with the Python engine the resulting tree is evaluated by the interpreter, and the grammar admits attribute access, method calls on columns and @-references to local variables. An expression string that an attacker can influence is therefore a code-execution surface, not merely a data-manipulation one, and the functions accept it without restriction.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external CSV and Excel files. Cell contents are attacker-controlled data that an agent reading the frame may treat as instructions, which makes every loaded file an indirect prompt injection surface.
      • Ingestion points: the load_dataframe function in scripts/sheetsmith.py reads data from files supplied at runtime.
      • Boundary markers: none identified. The skill does not delimit file contents or instruct the model to ignore commands embedded in the data.
      • Capability inventory: the skill can read and write files (load_dataframe, save_dataframe), drop and rename columns, and execute dynamic expressions via pandas.
      • Sanitization: no sanitization or validation of the input data or of the resulting expressions is performed before execution.
  • [COMMAND_EXECUTION]: The test suite tests/test_sheetsmith.py uses subprocess.run to execute the CLI script during unit testing. This is standard practice and runs only at development time; it is a shell-execution risk only if the invocation passes shell=True or interpolates untrusted input into the argument list, which this report does not establish.
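The DYNAMIC_EXECUTION finding and the "Sanitization: none" item describe the same gap: an expression string reaches DataFrame.query()/eval() unchecked. The following is an added example, not code from the sheetsmith project, showing one way a run_filter-style function could allowlist the expression before handing it to pandas. It parses the string with Python's stdlib ast module and accepts only plain column names, literals, comparisons, boolean logic and basic arithmetic; attribute access, calls, subscripts and @-references are rejected, so `.str.…`, `__class__` and similar escape hatches never reach pandas. The function names (validate_expression, is_safe_expression, safe_query) and the length limit are assumptions made for illustration, and the sample frame is constructed for the demo.

```python
"""Allowlist validation for pandas query()/eval() filter expressions.

Added example, not part of the sheetsmith project. Function names and the
size limit are illustrative assumptions.
"""
import ast
from typing import Iterable

MAX_EXPR_LEN = 500  # assumed limit; very long filter strings are suspicious

# Grammar the filter may use: column names, literals, comparisons, boolean
# logic, basic arithmetic. Everything else (Attribute, Call, Subscript,
# Lambda, comprehensions, f-strings, ...) is rejected by the final branch.
ALLOWED_BINOPS = (ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Mod, ast.BitAnd, ast.BitOr)
ALLOWED_CMPOPS = (ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE, ast.In, ast.NotIn)
ALLOWED_BOOLOPS = (ast.And, ast.Or)
ALLOWED_UNARYOPS = (ast.Not, ast.USub, ast.Invert)
ALLOWED_LITERALS = (int, float, str, bool)


class ExpressionRejected(ValueError):
    """Raised when a filter expression uses syntax outside the allowlist."""


def validate_expression(expr: str, columns: Iterable[str]) -> ast.Expression:
    """Parse expr with Python's ast and reject anything outside the allowlist.

    Returns the parsed tree on success. Column names must be plain identifiers
    known to the caller; pandas extras such as backtick-quoted names or
    @local references do not parse here and are therefore rejected.
    """
    known = set(columns)
    if len(expr) > MAX_EXPR_LEN:
        raise ExpressionRejected("expression too long")
    try:
        # mode="eval": exactly one expression, no statements or assignments
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise ExpressionRejected(f"not a valid expression: {exc}") from None

    for node in ast.walk(tree):
        if isinstance(node, (ast.Expression, ast.Compare, ast.BoolOp, ast.BinOp,
                             ast.UnaryOp, ast.List, ast.Tuple)):
            continue  # structural nodes; their operators and children are checked separately
        if isinstance(node, ast.Name):
            if node.id not in known:
                raise ExpressionRejected(f"unknown column {node.id!r}")
        elif isinstance(node, ast.Constant):
            if not isinstance(node.value, ALLOWED_LITERALS):
                raise ExpressionRejected(f"disallowed literal {node.value!r}")
        elif isinstance(node, ast.operator):
            if not isinstance(node, ALLOWED_BINOPS):
                raise ExpressionRejected(f"disallowed operator {type(node).__name__}")
        elif isinstance(node, ast.cmpop):
            if not isinstance(node, ALLOWED_CMPOPS):
                raise ExpressionRejected(f"disallowed comparison {type(node).__name__}")
        elif isinstance(node, ast.boolop):
            if not isinstance(node, ALLOWED_BOOLOPS):
                raise ExpressionRejected(f"disallowed boolean op {type(node).__name__}")
        elif isinstance(node, ast.unaryop):
            if not isinstance(node, ALLOWED_UNARYOPS):
                raise ExpressionRejected(f"disallowed unary op {type(node).__name__}")
        elif isinstance(node, ast.expr_context):
            if not isinstance(node, ast.Load):
                raise ExpressionRejected("only read access to columns is allowed")
        else:
            raise ExpressionRejected(f"disallowed syntax {type(node).__name__}")
    return tree


def is_safe_expression(expr: str, columns: Iterable[str]) -> bool:
    """Boolean convenience wrapper around validate_expression."""
    try:
        validate_expression(expr, columns)
        return True
    except ExpressionRejected:
        return False


def safe_query(df, expr: str):
    """Validate expr against df's own column names, then run it through pandas.

    Drop-in replacement for a bare df.query(expr, engine="python") in a
    run_filter-style function: an attacker-supplied string only reaches pandas
    if it fits the allowlist grammar.
    """
    validate_expression(expr, (str(c) for c in df.columns))
    return df.query(expr, engine="python")


if __name__ == "__main__":
    import pandas as pd  # only needed to apply the filter; the validator is stdlib-only

    # Constructed sample frame for the demo.
    df = pd.DataFrame({"price": [5, 15, 25], "qty": [10, 3, 1], "region": ["EU", "US", "APAC"]})
    print(safe_query(df, "price > 10 and qty <= 5"))
    for bad in ("region.str.len() > 0", '__import__("os").system("id")', "secret > 1"):
        try:
            safe_query(df, bad)
        except ExpressionRejected as exc:
            print(f"rejected {bad!r}: {exc}")
```

The validator deliberately uses Python's own parser rather than trying to enumerate dangerous substrings: anything it cannot classify as an allowed node type is refused, so new pandas syntax features stay blocked until someone consciously adds them to the allowlist. Column names come from the frame itself, which also prevents an expression from referring to Python builtins or locals.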
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 01:02 AM