excel-mapper
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/extract_map.pyscript installs theopenpyxlandpandasPython packages from the official PyPI registry at runtime if they are not already available in the environment.\n- [COMMAND_EXECUTION]: TheSKILL.mdinstructions include shell commands for the agent to run, such aslsandpythonscripts, which use placeholders for user-supplied file paths. This pattern relies on the agent's ability to safely handle parameters within shell commands.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts data from untrusted user-uploaded Excel files and presents it to the agent as an authoritative reference for decision-making.\n - Ingestion points: User-uploaded Excel workbooks in
/mnt/user-data/uploads/are parsed by thescripts/extract_map.pyscript.\n - Boundary markers: Absent. There are no delimiters or instructions that mark the extracted workbook data as untrusted or separate from the agent's primary instructions.\n
- Capability inventory: The agent is authorized to execute shell commands and read/write to the file system.\n
- Sanitization: Absent. The skill does not implement filtering or sanitization of cell values, column headers, or formulas to prevent malicious instructions from influencing the agent.
Audit Metadata