Ifc To Excel

The skill is classified as suspicious due to its reliance on executing an external CLI tool (`IfcExporter.exe`) via `subprocess.run` in `SKILL.md`. While `subprocess.run` is used with a list of arguments (safer than `shell=True`), the `exporter_path` and `ifc_file` parameters are user-controlled inputs. If a malicious prompt could manipulate these paths, it could lead to arbitrary command execution (e.g., executing `calc.exe` by providing its path as the `ifc_file`). This represents a vulnerability (potential RCE) rather than clear malicious intent, as the stated purpose and code logic are otherwise aligned with IFC to Excel conversion.