Skills
skills/nickcrew/claude-ctx-plugin/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The recalc.py utility script executes the soffice (LibreOffice) binary and system timeout commands using subprocess.run to automate formula recalculation.
  • [COMMAND_EXECUTION]: The skill performs dynamic code execution by writing a StarBasic macro file (Module1.xba) to the user's local LibreOffice configuration directory and then executing it via the command line. This modifies the application environment and executes locally generated code.
  • [PROMPT_INJECTION]: The skill's metadata contains contradictory information, claiming an 'MIT License' in the YAML frontmatter while the LICENSE.txt file and skill description specify a 'Proprietary' license with restrictive usage terms.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 10:22 PM
Security Audit — agent-trust-hub — xlsx