libreoffice-calc

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill launches the LibreOffice executable (soffice) using subprocess.Popen in scripts/uno_bridge.py. This is a necessary operation for the skill's primary function. The command is constructed using a list of arguments without a shell, and the binary path is resolved through a standard search of system paths and common installation locations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from spreadsheet files.
      • Ingestion points: Data is read into the agent's context via read_cell, read_range, and get_named_range methods in scripts/calc/session.py.
      • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the read data.
      • Capability inventory: The skill has the capability to execute shell commands (to launch LibreOffice) and perform file system read/write operations.
      • Sanitization: The data read from cells is returned as raw values without sanitization or escaping of potential instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 09:08 AM