xlsx

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script recalc.py uses subprocess.run to call soffice (LibreOffice) and system timeout utilities (timeout or gtimeout). These commands are constructed as lists of arguments, which prevents shell injection vulnerabilities.
  • [SAFE]: The skill uses recalc.py to dynamically create a LibreOffice macro file in the user's application configuration directory (e.g., ~/.config/libreoffice). This macro is restricted to recalculating formulas and saving the workbook, which is the primary stated purpose of the tool.
  • [SAFE]: No network operations, credential harvesting, or data exfiltration patterns were detected. The skill's operations are contained to the local filesystem and the processing of spreadsheet data as requested by the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — xlsx