xlsx
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [DYNAMIC_EXECUTION]: The script `scripts/office/soffice.py` contains functionality to dynamically generate C source code at runtime and compile it into a shared object file using the system's `gcc` compiler.
  - This library is then injected into the LibreOffice (`soffice`) process using the `LD_PRELOAD` environment variable to shim network socket calls.
- [COMMAND_EXECUTION]: The skill frequently invokes external system binaries to perform its tasks:
  - `scripts/recalc.py` executes `soffice` (LibreOffice) to perform headless formula recalculations.
  - `scripts/office/soffice.py` executes `gcc` to compile the compatibility shim.
  - `scripts/office/validators/redlining.py` executes `git` to perform word-level diffing between document versions.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a large attack surface for indirect injection as it processes untrusted spreadsheet data and has significant local execution capabilities.
  - Ingestion points: Reads and processes external `.xlsx`, `.csv`, and `.tsv` files provided by the user.
  - Boundary markers: None explicitly defined for isolating cell text from agent instructions.
  - Capability inventory: Subprocess execution of `soffice`, `gcc`, and `git` across multiple helper scripts.
  - Sanitization: None performed on the spreadsheet content before processing.
Audit Metadata