document-skills/xlsx

Warn

Audited by Gen Agent Trust Hub on Jun 6, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script recalc.py programmatically creates a LibreOffice macro file (Module1.xba) in the user's application configuration directory (e.g., ~/.config/libreoffice or ~/Library/Application Support/LibreOffice). This constitutes automated modification of local application settings.
  • [COMMAND_EXECUTION]: The skill invokes the soffice (LibreOffice) binary via subprocess.run in recalc.py to execute the generated macro for formula recalculation. This involves running external system binaries with parameters derived from agent-managed files.
  • [PROMPT_INJECTION]: The skill is designed to read and process external spreadsheet data, which introduces a surface for indirect prompt injection.
  • Ingestion points: Files are read using pd.read_excel() and load_workbook() as described in SKILL.md.
  • Boundary markers: The instructions lack specific delimiters or instructions to prevent the agent from obeying commands embedded within the data of the spreadsheets being processed.
  • Capability inventory: The skill possesses capabilities for writing to the filesystem and executing system commands via the provided recalc.py script.
  • Sanitization: There is no description of data sanitization or validation protocols for the content of the spreadsheet files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 6, 2026, 02:28 PM
Security Audit — agent-trust-hub — document-skills/xlsx