Similar to the following feature request logged in Kendo UI for jQuery - Add ability to sanitize exported data in Excel spreadsheet to prevent formula-injection
So far cell values starting with '=', are executable in the Excel file:
There is a way to prevent that by manually customizing the generated workbook and adding a single quote prefix to the cell value.
cell.value = "'=Executable-Formula";
However, this will change the initial value of the cell.
Provide a way to prevent the formula injection and persist the value in the cell.