skills/jjyaoao/helloagents/xlsx/Gen Agent Trust Hub

xlsx

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The recalc.py script uses the subprocess module to execute the soffice (LibreOffice) binary for formula recalculation and environment setup.\n- [COMMAND_EXECUTION]: The recalculation script writes a configuration macro to the user's LibreOffice application support directory to enable automated recalculation.\n- [PROMPT_INJECTION]: The skill processes external spreadsheet files which represents an indirect prompt injection surface.\n
  • Ingestion points: User-provided Excel, CSV, and TSV files are ingested using pandas as described in SKILL.md.\n
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the processing prompts.\n
  • Capability inventory: The skill can perform file system operations (openpyxl) and execute shell commands via recalc.py.\n
  • Sanitization: No input sanitization or validation of spreadsheet content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 01:34 PM
Security Audit — agent-trust-hub — xlsx