xlsx

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The recalc.py script executes the soffice (LibreOffice) binary via subprocess.run. This is a functional requirement to enable the RecalculateAndSave macro, which ensures that all formulas in the generated Excel files are properly evaluated.
  • [COMMAND_EXECUTION]: The script uses the system timeout utility (or gtimeout on macOS) to prevent the LibreOffice process from hanging indefinitely during large spreadsheet calculations.
  • [COMMAND_EXECUTION]: The script performs a one-time setup by writing a StarBasic macro file to the local filesystem (~/.config/libreoffice/ or ~/Library/Application Support/LibreOffice/). This persistent configuration is necessary to automate the 'Calculate All' and 'Store' functions within the headless Office suite.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted data from external .xlsx, .csv, and .tsv files.
  • Ingestion points: Data is read via pandas.read_excel and openpyxl.load_workbook as described in the SKILL.md instructions.
  • Boundary markers: The instructions do not specify any markers or delimiters to separate untrusted cell content from the agent's internal reasoning or instructions.
  • Capability inventory: The skill has the ability to write to the filesystem and execute system commands via the provided recalc.py script.
  • Sanitization: There are no documented steps for validating or escaping content retrieved from external spreadsheet files before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — xlsx