excel-auditor
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run local Python scripts using shell commands to process uploaded files.
  - Evidence: `python scripts/extract_structure.py /mnt/user-data/uploads/<filename>.xlsx` and `python scripts/extract_formulas.py /mnt/user-data/uploads/<filename>.xlsx` found in `SKILL.md`.
  - Risk: The direct interpolation of a filename into a shell command template could lead to command injection if the file name is crafted with shell metacharacters (e.g., `;`, `|`, `&`).
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external data (Excel files), which introduces a surface for indirect prompt injection attacks.
  - Ingestion points: External data enters the agent context via the extraction scripts processing files at `/mnt/user-data/uploads/<filename>.xlsx`.
  - Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores or isolates instructions that might be embedded within the Excel cell content, sheet names, or metadata.
  - Capability inventory: The skill possesses the ability to execute shell commands (`python scripts/...`) and generate local files.
  - Sanitization: No sanitization or validation logic is defined in the instructions to filter potential injection payloads from the spreadsheet data.
Audit Metadata