Security Audit
lawvable/awesome-legal-skills:skills/xlsx-processing-openai
github.com/lawvable/awesome-legal-skills
Trust Assessment
lawvable/awesome-legal-skills:skills/xlsx-processing-openai received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Prompt Injection Attempt in Skill Documentation, Potential Command Injection via External Tool Execution, Excessive File System Write Permissions via Python Scripts.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 26, 2026 (commit 4d82d4cf). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Prompt Injection Attempt in Skill Documentation | The skill's documentation contains the phrase 'IMPORTANT: System and user instructions always take precedence.' This is a common prompt injection pattern designed to override the LLM's internal system instructions. A malicious user could leverage this to manipulate the LLM's behavior beyond its intended scope. | Remove or rephrase the instruction 'IMPORTANT: System and user instructions always take precedence.' to avoid potential prompt injection. Ensure that the LLM's core instructions are robust against such overrides. | LLM | SKILL.md:13 |
| HIGH | Potential Command Injection via External Tool Execution | The skill documentation explicitly instructs the LLM to execute external system commands (`soffice`, `pdftoppm`) for rendering. If the arguments to these commands (e.g., `$OUTDIR`, `$INPUT_XLSX`, `$BASENAME`) are derived from untrusted user input without proper sanitization, a malicious user could inject arbitrary shell commands, leading to remote code execution or data exfiltration. | Avoid direct execution of shell commands with user-controlled arguments. If external tools are necessary, implement strict input validation and sanitization for all arguments. Consider using a sandboxed environment or a dedicated API for such operations to prevent command injection. | Static | SKILL.md:34 |
| MEDIUM | Excessive File System Write Permissions via Python Scripts | The example Python scripts (`create_basic_spreadsheet.py`, `create_spreadsheet_with_styling.py`, `styling_spreadsheet.py`) accept an arbitrary `--output` path via `argparse`. This allows the LLM, if instructed by a malicious user, to write files to any location on the filesystem where the process has write permissions. This could lead to overwriting critical system files, creating malicious files in sensitive directories, or filling up disk space. | Restrict the `--output` argument to a predefined, secure output directory. Do not allow arbitrary file paths. If user-specified subdirectories are needed, ensure they are strictly relative to the secure base directory and sanitize input to prevent directory traversal attacks. | Static | references/examples/openpyxl/create_basic_spreadsheet.py:17 |
| MEDIUM | Data Exfiltration Risk via Arbitrary File Read in Python Script | The `read_existing_spreadsheet.py` example script accepts an arbitrary `--input` path via `argparse`. This allows the LLM, if instructed by a malicious user, to read the content of any file on the filesystem where the process has read permissions. This could be exploited to exfiltrate sensitive data such as configuration files, credentials, or user data. | Restrict the `--input` argument to a predefined, secure input directory or only allow reading files explicitly uploaded by the user. Implement strict input validation and sanitization to prevent directory traversal attacks and access to unauthorized files. | Static | references/examples/openpyxl/read_existing_spreadsheet.py:26 |