Trust Assessment
xlsx received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Path Traversal via Unsanitized File Paths.
The analysis covered 4 layers: dependency_graph, static_code_analysis, manifest_analysis, llm_behavioral_safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 6195a031). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Path Traversal via Unsanitized File Paths. The skill demonstrates reading from and writing to local files using `pandas.read_excel`, `pandas.to_excel`, `openpyxl.load_workbook`, and `openpyxl.Workbook.save`. If the filenames or paths provided to these functions are derived directly from untrusted user input without proper sanitization or validation, an attacker could exploit path traversal vulnerabilities (e.g., `../../../../etc/passwd`) to read, write, or overwrite files outside the intended working directory. This could lead to data exfiltration, unauthorized modification of system files, or other security breaches, depending on the agent's execution environment and permissions. Implement strict input validation and sanitization for all filenames and paths provided by untrusted sources. Ensure that file paths are confined to an allowed, secure directory (e.g., using `os.path.abspath` and checking against a base directory, or using a dedicated temporary directory). Avoid directly concatenating user input into file paths without proper validation. | Unknown | SKILL.md:10 |