xlsx
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script recalc.py uses the subprocess module to execute external binaries. It invokes the soffice (LibreOffice) executable to process spreadsheet files in headless mode and also attempts to use system utilities like timeout or gtimeout to wrap the execution.
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic code generation and execution by interacting with the LibreOffice application environment. The setup_libreoffice_macro function in recalc.py programmatically creates a StarBasic macro file (Module1.xba) within the user's application configuration directory (~/.config/libreoffice/ or ~/Library/Application Support/LibreOffice/). The script then triggers the execution of this generated code by passing a specific macro execution URI (vnd.sun.star.script) to the soffice command line.
Audit Metadata