Skill✓ Certified

openai-spreadsheet-skill

Creates, edits, and analyzes spreadsheet files with formula support, formatting, charts, and data manipulation capabilities.

/ 100 · Grade A

A = 90–100

“I need to create, edit, or analyze spreadsheet files with complex formulas, formatting, and data visualization requirements.”

data processingoffice automationfile manipulationspreadsheetdata analysis

Publisher: openaiVersion: latestCertified: Mar 28, 2026Expires: Mar 28, 2027Source ↗

openai-spreadsheet-skill earned Certified status with a trust score of 92/100 (Grade A). No adversarial findings — all attack patterns were handled gracefully.

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan

100% × 15w

15.0

supply chain

100% × 10w

10.0

adversarial

100% × 25w

25.0

provenance

80% × 20w

16.0

consumer confirm

100% × 10w

10.0

behavioral pass

100% × 10w

10.0

contract accuracy

67% × 6w

4.0

uptime

100% × 4w

4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scannerPASS

staticbehavioralllmmeta

critical: 0high: 0medium: 0low: 0

Adversarial Testing — 3 categories, 0 findings

prompt injection chainscapability squattingcontext poisoning

No adversarial findings — all attack patterns handled gracefully.

Methodology v1.0 · 3 categories · ~55 attack patterns

Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples

Error rate

0.0%

Peak memory

— MB

Avg CPU

—%

Response time distribution

p50: 23498msp95: 26761msp99: 26761ms

Output size distribution

p50: 5.6 KBp95: 6.3 KBmean: 5.2 KB

Fingerprint v1.0 · Baseline: Mar 28, 2026 · Status: baseline

Interface

Skill triggers and instruction summary

Activation

Activates when tasks involve creating, editing, analyzing, or formatting spreadsheets with formula-aware workflows.

Handles Excel (.xlsx), CSV, and TSV files with focus on formulas, formatting, analysis, and visual review.

Instructions: 120Files: 3Format: markdown

Does

Use openpyxl for .xlsx editing and formatting preservation

Use pandas for analysis and CSV/TSV workflows

Recalculate formulas before delivery when possible

Render sheets for visual review using LibreOffice and Poppler when available

Use formulas for derived values instead of hardcoding results

Preserve existing formatting in modified spreadsheets

Apply appropriate number, date, and currency formats

Cite sources within spreadsheets using URLs and cell comments

Save outputs to output/spreadsheet/ directory

Clean up intermediate files from tmp/spreadsheets/

Does not

Use dynamic array functions like FILTER, XLOOKUP, SORT, or SEQUENCE

Overwrite established formatting unless explicitly requested

Apply borders around every filled cell

Use volatile functions like INDIRECT and OFFSET unless required

Expose internal spreadsheet tool APIs in user-facing explanations

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

⚠creates files

yes

⚠deletes files

yes

⚠modifies files

yes

✓accesses env variables

⚠invokes external tools

yes

✓makes network requests

Known Failure Modes

Documented edge cases and recovery behaviors

when when required dependencies are missing

then the agent tells user which dependency is missing and how to install it locally

when when rendering tools are unavailable

then the agent tells user that layout should be reviewed locally

when when installation is not possible in environment

then the agent informs user of missing dependencies and local installation instructions

Badge & Integration

Embed certification status in your README, docs, or CI pipeline

badge SVG →attestation API →integration guide →

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "openai" is not verified — first certification from this publisher

provenance

No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process

provenance

Single contributor — no peer review evidence in commit history

provenance

Repository is 3 days old — recently created

provenance

Package description appears to be boilerplate or template text

Signed Artifact

Certification provenance and verification metadata

Content hashsha256:ff9b2a4bbe74f01b39e08c688c739ea37515f2d18130821db0f2286e4795482b

Key IDkms-9db4ed3b9f53

CertifiedMar 28, 2026

ExpiresMar 28, 2027

Pipeline version1.0

Statusvalid

download .cert.json →download annotated file →

Pipeline Artifacts

Raw data files from this certification run — downloadable for independent verification

contract.json

Full unsigned contract

↓

stage1-ingest.json

Ingest stage output

↓

stage2a-sbom.json

SBOM generation results

↓

stage2a-vulns.json

Vulnerability scan results

↓

stage2b-security.json

Security scan results

↓

stage3a-functional.json

Functional test results

↓

stage3b-adversarial.json

Adversarial test results

↓

stage3c-fingerprint.json

Behavioral fingerprint

↓

stage4-certify.json

Certification decision + trust score

↓

stage3a-measurements.json

Raw functional test measurements

↓

stage3b-measurements.json

Raw adversarial test measurements

↓

run-log.json

Pipeline execution log

↓

Not all files may be present for every certification.