xlsx
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several internal utility scripts (
xlsx_insert_row.py,libreoffice_recalc.py) that execute shell commands viasubprocess.run. These commands are used to call other scripts within the skill's own package (e.g.,xlsx_shift_rows.py) or the LibreOffice binary for formula recalculation. These calls are implemented using list-based arguments rather than shell strings, which is a best practice that mitigates command injection risks. - [DYNAMIC_EXECUTION]: The skill performs dynamic execution by running its own suite of Python scripts to manage complex spreadsheet operations. This behavior is necessary for the skill's primary purpose of surgical XML editing and does not involve executing untrusted or remote code.
- [EXTERNAL_DOWNLOADS]: The documentation references standard, well-known Python packages like
pandasandopenpyxl. These are recognized as trusted dependencies and do not represent a security risk. - [DATA_EXPOSURE]: The skill processes user-provided spreadsheet files. While this involves reading and writing data, the operations are confined to the files explicitly targeted by the user's request. No unauthorized file access or network exfiltration was detected.
- [INDIRECT_PROMPT_INJECTION]: The skill has an inherent ingestion surface for indirect prompt injection as it processes untrusted spreadsheet data.
- Ingestion points: User-provided
.xlsx,.xlsm,.csv, and.tsvfiles processed viaxlsx_reader.pyandpandas. - Boundary markers: The skill instructions do not currently specify boundary markers or directives to ignore instructions embedded within the spreadsheet data.
- Capability inventory: File system access (read/write) and internal command execution.
- Sanitization: The skill relies on standard library parsing and does not mention specific natural language sanitization for cell content.
Audit Metadata