Open
@crittag
Description
As CSV files from web applications are frequently downloaded and then opened in Excel (or similar), consideration should be made for the possibility of Formula Injection (see here)
Mitigation would be to prefix with a single quote (') character wherever a value starts with equals ("="), plus ("+"), minus ("-"), at ("@") or percentage ("%") character
Suggest:
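```csharp
// Requires "using System.Linq;". Prefix any value that starts with a formula trigger character.
if (_val.Length > 0 && (new string[]{"=", "+", "-", "@", "%"}).Contains(_val.Substring(0,1))) _val = "'" + _val;
```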
May be worth adding a boolean value (default true) to the CsvFormatterOptions to control this
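
The mitigation suggested above, combined with ordinary CSV quoting, as an added example that is not the project's own code. `CsvFieldSanitizer`, `Encode` and the `neutralizeFormulas` parameter (standing in for the proposed `CsvFormatterOptions` boolean) are hypothetical names, and the sample values are constructed.

```csharp
using System;

// Hypothetical helper for illustration; not part of the project.
public static class CsvFieldSanitizer
{
    // Trigger characters listed in the issue: = + - @ %
    private static readonly char[] FormulaTriggers = { '=', '+', '-', '@', '%' };

    // neutralizeFormulas stands in for the proposed option (assumed name, default true).
    public static string Encode(string value, char delimiter = ',', bool neutralizeFormulas = true)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;

        // Step 1: prefix with a single quote so the field no longer
        // begins with a trigger character.
        if (neutralizeFormulas && Array.IndexOf(FormulaTriggers, value[0]) >= 0)
            value = "'" + value;

        // Step 2: CSV quoting comes after prefixing, so the single quote
        // ends up inside the quoted field rather than in front of it.
        bool needsQuoting = value.IndexOfAny(new[] { delimiter, '"', '\r', '\n' }) >= 0;
        return needsQuoting ? "\"" + value.Replace("\"", "\"\"") + "\"" : value;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values: formula-like, numeric, delimiter-bearing, plain.
        string[] samples = { "=1+1", "=1+1,2", "@name", "-5", "Smith, John", "plain" };

        foreach (string s in samples)
        {
            Console.WriteLine("{0,-12} -> {1,-12} (option off: {2})",
                s,
                CsvFieldSanitizer.Encode(s),
                CsvFieldSanitizer.Encode(s, neutralizeFormulas: false));
        }
    }
}
```

Under this rule a legitimate negative number such as `-5` is also prefixed, which is one reason to make the behaviour switchable per the suggestion above.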