xlsx

Fail

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Runtime C code compilation and process injection in 'scripts/office/soffice.py'. The script compiles a hardcoded C source using 'gcc' and injects the resulting shared object into the LibreOffice process via the 'LD_PRELOAD' environment variable to shim socket system calls.
  • [REMOTE_CODE_EXECUTION]: Dynamic macro installation in 'scripts/recalc.py'. The script writes StarBasic code to the user's LibreOffice configuration path ('Module1.xba') to automate calculator functions, modifying the local software environment.
  • [COMMAND_EXECUTION]: Multiple scripts execute system commands via the 'subprocess' module. 'scripts/office/soffice.py' runs the 'gcc' compiler, 'scripts/recalc.py' runs 'soffice' with macro execution arguments, and 'scripts/office/validators/redlining.py' runs 'git diff'.
  • [PROMPT_INJECTION]: High surface for indirect prompt injection. Ingestion points: 'pandas.read_excel' (SKILL.md), 'load_workbook' (recalc.py), and ZIP extraction (unpack.py). Boundary markers: Absent. Capability inventory: High-risk system capabilities including 'subprocess.run', 'gcc' compilation, and file modification. Sanitization: Uses 'defusedxml' for XML safety, but lacks logic-based sanitization for document content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Jun 14, 2026, 04:53 PM