Skills
skills/ttmouse/skills/xlsx/Gen Agent Trust Hub

xlsx

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The recalc.py script executes the soffice binary and manages a local LibreOffice macro to perform formula recalculation. This involves system-level command execution to interface with external software.\n- [PROMPT_INJECTION]: The skill processes untrusted Excel and CSV files, creating a surface for indirect prompt injection.\n
  • Ingestion points: pd.read_excel() and load_workbook() functions described in SKILL.md.\n
  • Boundary markers: No specific delimiters or safety instructions are provided for handling untrusted file content.\n
  • Capability inventory: The skill can write files and execute shell commands via the provided recalc.py script.\n
  • Sanitization: There is no evidence of sanitization or validation of the data ingested from spreadsheets.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 01:13 AM
Security Audit — agent-trust-hub — xlsx