Skills
skills/7spade/black-tortoise/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script uses subprocess.run to execute soffice (LibreOffice) and system timeout utilities based on the host operating system.
  • [DYNAMIC_EXECUTION] (MEDIUM): The script dynamically generates and writes a LibreOffice Basic macro (Module1.xba) to the user's application configuration directory (~/.config/libreoffice or ~/Library/Application Support/LibreOffice) to enable recalculation functionality.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted Excel files; while it only extracts error strings and counts, automated processing of complex document formats via system tools presents an inherent attack surface for document-based exploits.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 06:21 AM