Skills
skills/bighardperson/computer-science-skills-collection/minimax-xlsx/Gen Agent Trust Hub

minimax-xlsx

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes subprocess.run() in xlsx_insert_row.py and libreoffice_recalc.py. These calls are used to execute local utility scripts included with the skill and the LibreOffice binary (soffice) to perform headless formula recalculation. These operations are restricted to local processing and are essential for the skill's functionality.
  • [EXTERNAL_DOWNLOADS]: The skill instructions and scripts reference the installation and use of pandas and LibreOffice. These are well-known technology tools and office suites from established organizations, and their use for spreadsheet processing is standard practice.
  • [SAFE]: The script xlsx_unpack.py includes specific security logic to detect and block Zip-slip (path traversal) attacks by validating that extracted file paths do not escape the designated target directory. This is a proactive security measure.
  • [SAFE]: The skill's architectural choice to use surgical XML editing instead of high-level libraries like openpyxl for modification is a technical decision intended to preserve complex file components such as VBA macros and pivot tables, which are often lost during library round-trips.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 10:47 AM
Security Audit — agent-trust-hub — minimax-xlsx