skills/phuryn/skills/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: scripts/office/soffice.py performs runtime compilation and process injection. The script writes C source code to a temporary directory, compiles it into a shared objects library using 'gcc', and then uses the 'LD_PRELOAD' environment variable to inject this library into the LibreOffice ('soffice') process. This mechanism acts as a shim to bypass network socket restrictions (AF_UNIX) in certain restricted or sandboxed environments.
  • [COMMAND_EXECUTION]: The skill uses 'subprocess.run' across multiple scripts to execute system-level commands. 'scripts/recalc.py' executes 'soffice' and 'gtimeout', 'scripts/office/soffice.py' executes 'gcc', and 'scripts/office/validators/redlining.py' executes 'git' to perform text diffing.
  • [COMMAND_EXECUTION]: 'scripts/recalc.py' modifies the user's environment by writing a LibreOffice macro file ('Module1.xba') directly to configuration directories on the filesystem (e.g., '~/.config/libreoffice/'). This is required for the automated 'RecalculateAndSave' functionality.
  • [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection due to its combination of high-privilege capabilities and ingestion of untrusted data. 1. Ingestion points: Untrusted spreadsheet data is read and processed via pandas as described in the SKILL.md workflow. 2. Boundary markers: There are no delimiters or instructions to ignore embedded content in the provided documentation or scripts. 3. Capability inventory: The skill has the ability to execute shell commands, compile code at runtime, and modify filesystem configurations (scripts/recalc.py, scripts/office/soffice.py). 4. Sanitization: No evidence of sanitization or filtering of file content was found before the data is processed or interpolated.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 11:49 AM
Security Audit — agent-trust-hub — xlsx