skills/flora131/atomic/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/recalc.py uses subprocess.run to execute soffice (LibreOffice) and system utilities like timeout and gtimeout to perform headless spreadsheet calculations.
  • [COMMAND_EXECUTION]: The document validation module scripts/office/validators/redlining.py invokes the git utility via subprocess.run to compute text-level differences during document auditing.
  • [COMMAND_EXECUTION]: The utility scripts/office/soffice.py executes the gcc compiler to build a shared library from dynamically generated C source code during the initialization phase.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic code generation and execution in scripts/office/soffice.py by compiling a custom C shim into a shared object and injecting it into the execution environment using the LD_PRELOAD environment variable to hook system socket calls.
  • [REMOTE_CODE_EXECUTION]: The scripts/recalc.py module programmatically writes a StarBasic macro to the user's LibreOffice configuration directory (~/.config/libreoffice/4/user/basic/Standard/Module1.xba) to automate internal spreadsheet recalculation commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 5, 2026, 04:39 PM