csv-formula-injection
CommunityValidate CSV-to-spreadsheet formula injection risks.
AuthorlNwNl
Version1.0.0
Installs0
System Documentation
What problem does it solve?
It helps you assess whether CSV or spreadsheet exports can be manipulated so that spreadsheet software evaluates attacker-controlled cell contents as formulas or DDE/external-call primitives.
Core Features & Use Cases
- Identify spreadsheet sinks: Focuses on where exported CSV/XLSX/TSV and user-controlled fields flow into Excel, LibreOffice Calc, or Google Sheets (including IMPORT* functions).
- Design controlled reproduction tests: Covers formula-trigger prefixes (e.g., =, +, -, @), DDE patterns for Excel/LibreOffice, and Google Sheets import probes using authorized endpoints.
- Validate and document evidence safely: Emphasizes authorized testing, observing whether evaluation/warnings occur, and capturing product/version details to support remediation.
- Use-case example: When user fields (like names, memos, or tags) are exported to an administrative CSV report and then opened in Excel, you can verify whether crafted values trigger formula evaluation and external behaviors.
Quick Start
Ask an AI to generate authorized, harmless test CSV rows for detecting spreadsheet formula evaluation and outline the exact evidence to capture when the file is opened in Excel, LibreOffice Calc, or Google Sheets.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: csv-formula-injection Download link: https://github.com/lNwNl/Methodos/archive/main.zip#csv-formula-injection Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.