xlsx
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/office/soffice.py' contains an embedded C source string that is written to a temporary file and compiled into a shared library using 'gcc' via 'subprocess.run'.
- [COMMAND_EXECUTION]: The 'scripts/office/soffice.py' script utilizes 'LD_PRELOAD' to inject the compiled shim into the 'soffice' process, hooking various socket-related system calls such as 'socket', 'listen', and 'accept'.
- [COMMAND_EXECUTION]: The skill executes external binaries including 'soffice', 'gcc', and 'git' using 'subprocess.run' across multiple scripts for formula recalculation, shim compilation, and redlining validation.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface. Ingestion points: Untrusted spreadsheet data entering agent context via 'pd.read_excel' in 'SKILL.md' examples or 'load_workbook' in 'scripts/recalc.py'. Boundary markers: Absent. Capability inventory: High-risk command execution ('soffice', 'gcc', 'git') used in 'scripts/recalc.py' and 'scripts/office/soffice.py'. Sanitization: Absent.
Audit Metadata