Skills
skills/fivetaku/claude-office-skills/lbo-model/Gen Agent Trust Hub

lbo-model

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's preflight check ensures the standard 'openpyxl' library is installed, fetching it from the official Python package registry if missing.
  • Evidence: python3 -m pip install openpyxl in SKILL.md.
  • [COMMAND_EXECUTION]: The skill executes the local soffice (LibreOffice) binary via a Python script to perform headless recalculation of spreadsheet formulas.
  • Evidence: subprocess.run() call in scripts/recalc.py used to process the target Excel file.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to ingest and process external, untrusted Excel templates and data.
  • Ingestion points: User-provided Excel templates (.xlsx files) as described in SKILL.md.
  • Boundary markers: Absent; there are no specific delimiters or instructions to the agent to ignore instructions embedded within the spreadsheet data.
  • Capability inventory: The skill can read/write files via openpyxl and execute system commands via the recalc.py wrapper.
  • Sanitization: Absent; cell values and formula strings are processed without validation or sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 08:10 AM