document-skills/xlsx
Warn
Audited by Gen Agent Trust Hub on Jun 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The helper script
recalc.pyprogrammatically creates a LibreOffice macro file (Module1.xba) in the user's application configuration directory (e.g.,~/.config/libreofficeor~/Library/Application Support/LibreOffice). This constitutes automated modification of local application settings. - [COMMAND_EXECUTION]: The skill invokes the
soffice(LibreOffice) binary viasubprocess.runinrecalc.pyto execute the generated macro for formula recalculation. This involves running external system binaries with parameters derived from agent-managed files. - [PROMPT_INJECTION]: The skill is designed to read and process external spreadsheet data, which introduces a surface for indirect prompt injection.
- Ingestion points: Files are read using
pd.read_excel()andload_workbook()as described inSKILL.md. - Boundary markers: The instructions lack specific delimiters or instructions to prevent the agent from obeying commands embedded within the data of the spreadsheets being processed.
- Capability inventory: The skill possesses capabilities for writing to the filesystem and executing system commands via the provided
recalc.pyscript. - Sanitization: There is no description of data sanitization or validation protocols for the content of the spreadsheet files.
Audit Metadata