excel-cli

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's operation relies on the execution of the excelcli command-line tool. It directs the agent to build and run complex shell commands, including a 'batch mode' where the agent generates a JSON-formatted command list and executes it via the CLI.
  • [REMOTE_CODE_EXECUTION]: The skill exposes tools to import and execute VBA macros (vba import, vba run) and Power Query M code (powerquery evaluate). These features enable the execution of arbitrary scripts within the context of Microsoft Excel on the host system.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs users to install a global .NET tool (Sbroenne.ExcelMcp.CLI) and provides PowerShell commands to download and extract binary executables from a GitHub releases page (sbroenne/mcp-server-excel).
  • [DATA_EXFILTRATION]: The skill includes parameters (--format-dax, --format-m-code) that, if enabled, transmit user-provided DAX formulas or Power Query M code to external third-party web services (daxformatter.com and powerqueryformatter.com) for formatting purposes.
  • [PROMPT_INJECTION]: The skill contains explicit instructions ("Rule 1: NEVER Ask Clarifying Questions") designed to override the agent's standard conversational behavior, forcing it to act autonomously by executing commands rather than seeking user confirmation or clarification.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 09:21 AM
Security Audit — agent-trust-hub — excel-cli