Skills
skills/x-cmd/skill/minimax-xlsx/Gen Agent Trust Hub

minimax-xlsx

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts and the LibreOffice Calc engine to automate spreadsheet tasks. Evidence: scripts/xlsx_insert_row.py calls xlsx_shift_rows.py, and scripts/libreoffice_recalc.py invokes the soffice binary for headless formula recalculation.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing data from user-supplied spreadsheet files.
  • Ingestion points: Untrusted data enters the agent context through XLSX and CSV files read via xlsx_reader.py and pandas.
  • Boundary markers: Absent; the instructions do not define delimiters or framing for cell content processed by the agent.
  • Capability inventory: The skill can write to the local file system and execute subprocesses via its script suite.
  • Sanitization: Implements path-traversal (zip-slip) protection in scripts/xlsx_unpack.py and static formula validation in scripts/formula_check.py.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 05:41 AM
Security Audit — agent-trust-hub — minimax-xlsx