xlsx
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's instructions and provided code snippets are consistent with its stated goal of spreadsheet manipulation. No security violations or malicious behaviors were detected.
- [COMMAND_EXECUTION]: The skill utilizes a local script,
scripts/recalc.py, to recalculate Excel formulas via LibreOffice. This is a legitimate operational step for ensuring spreadsheet accuracy and is initiated through standard shell commands. - [PROMPT_INJECTION]: The skill processes untrusted spreadsheet data, which creates a potential surface for indirect prompt injection attacks.
- Ingestion points: The skill reads
.xlsx,.csv, and.tsvfiles usingpandasandopenpyxl(SKILL.md). - Boundary markers: There are no explicit instructions or delimiters defined to ignore or isolate potential instructions embedded within cell contents.
- Capability inventory: The skill can write files to the local file system and execute a local Python script for formula recalculation.
- Sanitization: No data validation or sanitization routines are specified for handling the content retrieved from external files.
Audit Metadata