xlsx
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The
recalc.pyscript executes thesoffice(LibreOffice) binary viasubprocess.run. This is a functional requirement to enable theRecalculateAndSavemacro, which ensures that all formulas in the generated Excel files are properly evaluated. - [COMMAND_EXECUTION]: The script uses the system
timeoututility (orgtimeouton macOS) to prevent the LibreOffice process from hanging indefinitely during large spreadsheet calculations. - [COMMAND_EXECUTION]: The script performs a one-time setup by writing a StarBasic macro file to the local filesystem (
~/.config/libreoffice/or~/Library/Application Support/LibreOffice/). This persistent configuration is necessary to automate the 'Calculate All' and 'Store' functions within the headless Office suite. - [PROMPT_INJECTION]: The skill is designed to process untrusted data from external .xlsx, .csv, and .tsv files.
- Ingestion points: Data is read via
pandas.read_excelandopenpyxl.load_workbookas described in the SKILL.md instructions. - Boundary markers: The instructions do not specify any markers or delimiters to separate untrusted cell content from the agent's internal reasoning or instructions.
- Capability inventory: The skill has the ability to write to the filesystem and execute system commands via the provided
recalc.pyscript. - Sanitization: There are no documented steps for validating or escaping content retrieved from external spreadsheet files before it is processed by the agent.
Audit Metadata