Trust Assessment
excel-online received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 2 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized user input in curl arguments, Potential MICROSOFT_ACCESS_TOKEN exfiltration via unsanitized curl arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via unsanitized user input in curl arguments The skill's examples demonstrate the use of `curl` commands where parts of the URL, such as `{item-id}` and `{sheet-name}`, are placeholders intended to be filled by user-provided input. If these placeholders are directly interpolated into shell commands without proper sanitization or escaping, an attacker could inject shell metacharacters (e.g., `;`, `|`, `&`, `$()`) to execute arbitrary commands on the host system where the skill is run. This poses a severe risk of remote code execution. Implement robust input validation and sanitization for all user-provided parameters used in constructing shell commands. Ensure that all dynamic parts of the URL and other `curl` arguments are properly escaped to prevent shell metacharacter injection. Consider using a dedicated HTTP client library in a programming language (e.g., Python's `requests`, Node.js's `axios`) instead of direct shell execution of `curl` to mitigate shell injection risks entirely. | LLM | SKILL.md:22 | |
| CRITICAL | Potential MICROSOFT_ACCESS_TOKEN exfiltration via unsanitized curl arguments The `curl` commands shown in the skill's documentation include the `$MICROSOFT_ACCESS_TOKEN` in the Authorization header. If user-controlled input (e.g., `{item-id}`, `{sheet-name}`) is directly interpolated into the URL without strict validation and sanitization, an attacker could craft a malicious input that modifies the URL to point to an external, attacker-controlled server. This would cause the `curl` command to send the sensitive `MICROSOFT_ACCESS_TOKEN` to the attacker's server, leading to credential exfiltration and potential unauthorized access to the user's Microsoft Graph data. Implement strict input validation and sanitization for all user-provided parameters used in constructing URLs for `curl` commands. Ensure that user input cannot modify the base URL, introduce new hostnames, or alter the request destination. Validate that all URL components conform to expected formats and do not contain malicious characters or patterns. Using a dedicated HTTP client library can also help prevent URL manipulation and token leakage. | LLM | SKILL.md:22 |
Scan History
Embed Code
[](https://skillshield.io/report/87c1732a5a8a92e7)
Powered by SkillShield