spreadsheet
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill specifies the installation of well-known Python libraries including
openpyxl,pandas, andmatplotlib. It also suggests installing established system utilities such aslibreofficeandpopplerfrom official package managers like Homebrew or apt. - [COMMAND_EXECUTION]: Instructions are provided for executing shell commands to perform document conversion and rendering tasks using
sofficeandpdftoppm. It also includes standard commands for installing system dependencies usingsudo apt-get. - [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it processes external spreadsheet files which could contain malicious instructions.
- Ingestion points: The skill reads and analyzes data from
.xlsx,.csv, and.tsvfiles provided by the user. - Boundary markers: There are no explicit markers or instructions provided to the agent to distinguish between data and embedded instructions within the spreadsheets.
- Capability inventory: The skill allows for Python code execution (for file manipulation) and shell command execution (for rendering).
- Sanitization: No sanitization or validation of the spreadsheet content is performed before processing.
Audit Metadata