Skills
skills/flight505/claude-project-planner/xlsx/Gen Agent Trust Hub

xlsx

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The recalc.py script uses subprocess.run to call soffice (LibreOffice) and system timeout utilities. These calls are used to recalculate spreadsheet formulas in a headless environment and are executed using list-based arguments, which prevents shell injection.
  • [DYNAMIC_EXECUTION]: To enable automated recalculation, recalc.py generates a static LibreOffice Basic macro file and stores it in the user's LibreOffice configuration directory. This is a legitimate implementation detail required to automate the 'Calculate All' and 'Store' functions in LibreOffice. The generated macro is restricted to these functions and does not incorporate user-supplied code.
  • [EXTERNAL_DOWNLOADS]: The skill mentions a dependency on an external script located in .claude/skills/project-diagrams. This refers to a local skill within the environment rather than a remote download from an untrusted source.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 11:16 AM