spreadsheet
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PRIVILEGE_ESCALATION]: The skill instructs the agent to use
sudo apt-get installfor installing system dependencies likelibreofficeandpoppler-utils. Running commands with superuser privileges poses a risk to the host environment. - [COMMAND_EXECUTION]: The skill provides shell command templates for rendering spreadsheets:
soffice --headless --convert-to pdf --outdir $OUTDIR $INPUT_XLSXandpdftoppm -png $OUTDIR/$BASENAME.pdf $OUTDIR/$BASENAME. If these commands are executed using unsanitized file paths or user-controlled filenames, they are vulnerable to command injection via shell metacharacters. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from
.xlsx,.csv, and.tsvfiles. - Ingestion points: The skill explicitly processes tabular data from external spreadsheet files (SKILL.md).
- Boundary markers: There are no instructions or delimiters provided to the agent to treat spreadsheet cell content as untrusted or to ignore embedded instructions.
- Capability inventory: The skill has the capability to write to the file system and execute subprocesses via
sofficeandpdftoppm(SKILL.md). - Sanitization: No sanitization or validation logic is defined for the content extracted from processed spreadsheets.
Audit Metadata