xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The script recalc.py writes a LibreOffice Basic macro to the user's permanent configuration directory (~/.config/libreoffice/4/user/basic/Standard/Module1.xba on Linux or the equivalent on macOS). This modification persists across sessions and affects the global behavior of the LibreOffice application for that user.
- Dynamic Execution (MEDIUM): The skill generates executable macro code as a string and writes it to disk before invoking it. While the code is hardcoded in the script, this pattern of 'generate-write-execute' is a common vector for more serious vulnerabilities if any part of the string becomes attacker-controlled.
- Command Execution (LOW): The script uses subprocess.run to call system binaries including soffice, timeout, and gtimeout. This is required for its primary purpose but represents a significant capability for an AI agent.
- Indirect Prompt Injection (LOW): The skill processes untrusted Excel files provided by users.
  - Ingestion points: Files are opened via openpyxl.load_workbook in recalc.py.
  - Boundary markers: None; the script iterates through all sheets and cells.
  - Capability inventory: The script triggers ThisComponent.calculateAll() in LibreOffice. A malicious Excel file could contain formulas like WEBSERVICE or LINK that trigger network requests or external data access when recalculated.
  - Sanitization: No validation is performed on the content of the formulas before requesting LibreOffice to execute them.