excel-sheet
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's fallback script
scripts/csv-to-xlsx.pycreates a surface for indirect prompt injection by processing untrusted CSV data. - Ingestion points: Data is ingested from user-supplied CSV files in
scripts/csv-to-xlsx.py. - Boundary markers: The script does not use delimiters or instructions to ignore embedded commands within the CSV content.
- Capability inventory: The skill allows writing Excel files to the filesystem and supports formulas, which can be manipulated via the input data.
- Sanitization: There is no sanitization or escaping of special characters like '=' that could trigger formula execution in the resulting spreadsheet.
Audit Metadata