Skills
skills/crazymsn/academic-skills/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently invokes shell commands using subprocess.run() to perform core functions:
  • It uses soffice to recalculate spreadsheet formulas via a custom Basic macro.
  • It uses gcc to compile a shared library from a hardcoded C source string at runtime.
  • It uses git for document diffing in the redlining validator.
  • [REMOTE_CODE_EXECUTION]: The skill implements dynamic code generation and execution. In scripts/office/soffice.py, it writes C source code to a temporary file, compiles it into a shared object (.so), and shims LibreOffice's system calls by setting the LD_PRELOAD environment variable. This allows the skill to override standard library behaviors for networking and process management.
  • [COMMAND_EXECUTION]: The skill persists code by installing a Basic macro (RecalculateAndSave) into the local user's LibreOffice configuration path (e.g., ~/.config/libreoffice/4/user/basic/Standard/Module1.xba). This macro is then triggered via command-line arguments to soffice to automate calculations.
  • [REMOTE_CODE_EXECUTION]: Inconsistent use of safe XML parsing libraries creates vulnerability surfaces. While some scripts use defusedxml to mitigate XML External Entity (XXE) attacks, scripts/office/validators/redlining.py and scripts/office/validators/base.py use the standard xml.etree.ElementTree or lxml.etree.parse(), which are vulnerable to XXE when processing untrusted document data.
  • [COMMAND_EXECUTION]: The skill contains deceptive metadata. The LICENSE.txt file incorrectly identifies the owner as Anthropic, PBC, which contradicts the author information provided in the skill context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 14, 2026, 09:24 AM
Security Audit — agent-trust-hub — xlsx