brand-xlsx

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates its workflow through a local Python launcher (scripts/cli.py) which manages tasks such as template extraction, workbook generation, and profile verification.
  • [EXTERNAL_DOWNLOADS]: The skill documentation identifies several external dependencies required for advanced features like visual auditing and OCR, including LibreOffice (soffice), Poppler (pdftoppm), and Tesseract. Users are instructed to install these if missing.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface as it ingests untrusted data from user-supplied Excel templates and processes qualitative feedback to influence its understanding of document structure.
  • Ingestion points: Untrusted data enters the agent context via user-provided .xlsx templates and feedback strings or screenshots processed into structured refinement data.
  • Boundary markers: The engine uses a deterministic 'facts bundle' and requires the model to use verbatim identifiers to separate intent from data during the comprehension phase.
  • Capability inventory: The skill performs file system operations and invokes subprocesses for document rendering and OCR through the local scripts/cli.py tool.
  • Sanitization: Model-authored proposals are subjected to a fail-closed validation check against a strict schema and an inventory of verified identifiers before being merged into the brand profile.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:23 AM
Security Audit — agent-trust-hub — brand-xlsx