It's not going to happen. Neither Moodle nor any other web app can account for every potential security issue in every bit of software that might download and open data it saves. Otherwise they would have to filter for every database command, every word processor command, every operating system command, spreadsheets other than Excel (I use Libre Office myself for spreadsheet purposes) etc etc. The problem is not that Moodle exports a particular string, the issue is that Excel opens it and runs it as code/execution. I suspect it is possible to turn that off but it is about 10 years since I worked with Excel.
Quiz
CSV Injection
This discussion has been locked so you can no longer reply to it.