xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process data from external spreadsheet files (XLSX, CSV, TSV). \n
- Ingestion points: The skill reads external files using
pd.read_excel()andload_workbook()as described in the workflows inSKILL.md. \n - Boundary markers: No boundary markers or specific safety instructions are provided to the agent to distinguish between cell data and potential malicious instructions. \n
- Capability inventory: The environment allows for Python script execution, file system modification, and system command execution via the
recalc.pyscript. \n - Sanitization: The skill does not implement or recommend sanitization for the data extracted from the spreadsheets before it is used by the agent. \n- [COMMAND_EXECUTION]: The
recalc.pyhelper script performs local command execution and modifies application configuration files. \n - Evidence: The script uses
subprocess.runto invoke thesoffice(LibreOffice) binary in headless mode to recalculate formulas. \n - Evidence: It automatically writes a LibreOffice macro file (
Module1.xba) to the user's application configuration directory (e.g.,~/.config/libreoffice/or~/Library/Application Support/LibreOffice/) to enable the recalculation functionality.
Audit Metadata