brand-xlsx
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates its workflow through a local Python launcher (
scripts/cli.py) which manages tasks such as template extraction, workbook generation, and profile verification. - [EXTERNAL_DOWNLOADS]: The skill documentation identifies several external dependencies required for advanced features like visual auditing and OCR, including LibreOffice (
soffice), Poppler (pdftoppm), and Tesseract. Users are instructed to install these if missing. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface as it ingests untrusted data from user-supplied Excel templates and processes qualitative feedback to influence its understanding of document structure.
- Ingestion points: Untrusted data enters the agent context via user-provided
.xlsxtemplates and feedback strings or screenshots processed into structured refinement data. - Boundary markers: The engine uses a deterministic 'facts bundle' and requires the model to use verbatim identifiers to separate intent from data during the comprehension phase.
- Capability inventory: The skill performs file system operations and invokes subprocesses for document rendering and OCR through the local
scripts/cli.pytool. - Sanitization: Model-authored proposals are subjected to a fail-closed validation check against a strict schema and an inventory of verified identifiers before being merged into the brand profile.
Audit Metadata