spreadsheet
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs common Python libraries including openpyxl, pandas, and matplotlib, as well as system-level rendering tools like libreoffice and poppler-utils through standard package managers.
- [COMMAND_EXECUTION]: The skill uses shell commands to invoke soffice (LibreOffice) and pdftoppm (Poppler) for converting spreadsheet files to PDF and PNG formats for visual review.
- [PROMPT_INJECTION]: The skill processes data from external sources (.xlsx, .csv, .tsv files), which creates a surface for indirect prompt injection.
  1. Ingestion points: Documented in SKILL.md and implemented in references/examples/openpyxl/read_existing_spreadsheet.py.
  2. Boundary markers: Not used to delimit untrusted spreadsheet data.
  3. Capability inventory: The skill has the ability to write to the local filesystem and execute subprocesses for file rendering.
  4. Sanitization: No specific validation or sanitization of spreadsheet cell content is specified before analysis or rendering.
Audit Metadata