xlsx
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The recalc.py script uses the subprocess module to execute the soffice (LibreOffice) binary for formula recalculation and environment setup.\n- [COMMAND_EXECUTION]: The recalculation script writes a configuration macro to the user's LibreOffice application support directory to enable automated recalculation.\n- [PROMPT_INJECTION]: The skill processes external spreadsheet files which represents an indirect prompt injection surface.\n
- Ingestion points: User-provided Excel, CSV, and TSV files are ingested using pandas as described in SKILL.md.\n
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the processing prompts.\n
- Capability inventory: The skill can perform file system operations (openpyxl) and execute shell commands via recalc.py.\n
- Sanitization: No input sanitization or validation of spreadsheet content is performed before processing.
Audit Metadata