xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script recalc.py executes system commands via subprocess.run to call LibreOffice (soffice) for spreadsheet recalculation. This is an intended operation for the skill but involves system-level interaction.
- Evidence: The recalc function in recalc.py constructs and executes a command line targeting the soffice binary.
- [COMMAND_EXECUTION]: The skill performs dynamic code generation by creating a StarBasic macro and writing it to the local configuration directory to facilitate automated spreadsheet processing.
- Evidence: The setup_libreoffice_macro function in recalc.py writes a .xba macro file to the LibreOffice configuration directory (e.g., ~/.config/libreoffice/).
- [PROMPT_INJECTION]: The skill processes untrusted data from spreadsheet files, creating a surface for indirect prompt injection attacks.
- Ingestion points: File reading via pandas.read_excel and openpyxl.load_workbook in SKILL.md and recalc.py.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present.
- Capability inventory: The skill can read/write files and execute system commands via soffice.
- Sanitization: No content validation or sanitization is implemented for the data ingested from spreadsheets.
Audit Metadata