xlsx
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Runtime compilation of system utilities. The file
scripts/office/soffice.pycontains an embedded C source string that is written to a temporary file and compiled at runtime into a shared library (lo_socket_shim.so) usinggccviasubprocess.run. This is used to facilitate socket-level communication for LibreOffice in restricted environments.\n- [COMMAND_EXECUTION]: Process library injection. The skill utilizes theLD_PRELOADenvironment variable to load the dynamically compiled library into thesofficeprocess, hooking networking-related system calls such assocket,listen, andaccept.\n- [COMMAND_EXECUTION]: Execution of external binaries. The skill frequently invokes system binaries includingsoffice,gcc, andgitfor formula processing, component compilation, and document diffing throughsubprocess.runcalls.\n- [PROMPT_INJECTION]: Indirect prompt injection surface.\n - Ingestion points: Untrusted data enters the agent's context when reading external spreadsheet files (.xlsx, .csv) via
pandasandopenpyxl.\n - Boundary markers: The instructions lack explicit requirements for delimiters or warnings to ignore embedded instructions within cell content.\n
- Capability inventory: The ability to execute shell commands and write to the filesystem provides a significant surface that could be exploited if malicious instructions are processed from ingested files.\n
- Sanitization: While the skill mitigating XML-level threats using
defusedxmlis a secure practice, it does not include semantic filtering for natural language instructions in data cells.
Audit Metadata