wps-excel
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted content from Excel workbooks and uses it to drive agent behavior across a powerful set of tools.
- Ingestion points: The skill reads external data using
wps_excel_read_range,wps_excel_get_cell_value,wps_excel_get_cell_info, andwps_excel_get_cell_commentsas described inSKILL.md. - Boundary markers: The instructions lack explicit delimiters or safety guardrails (such as "ignore embedded instructions") when processing data retrieved from cells.
- Capability inventory: The agent has extensive capabilities to modify the user's environment, including
wps_excel_set_formula,wps_excel_write_range,wps_excel_delete_sheet, andwps_excel_open_workbook(all listed inSKILL.md). - Sanitization: No sanitization or validation logic is defined to prevent malicious content within a spreadsheet from influencing the agent's logic or tool calls.
Audit Metadata