Excel Analysis

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the processing of external data files, creating a potential surface for indirect prompt injection.
  • Ingestion points: The skill instructions and Python examples use pd.read_excel() to ingest data from external files (e.g., data.xlsx, sales.xlsx, messy_data.xlsx).
  • Boundary markers: There are no boundary markers or specific instructions to the agent to treat the contents of these Excel files as untrusted data or to ignore any embedded natural language instructions.
  • Capability inventory: The skill includes the capability to write to the local file system through df.to_excel(), plt.savefig(), and wb.save().
  • Sanitization: While the skill demonstrates data cleaning (e.g., removing whitespace and handling missing values), it does not implement sanitization or validation to detect or neutralize malicious instructions embedded within the spreadsheet data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 09:32 PM
Security Audit — agent-trust-hub — Excel Analysis