xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Dynamic Execution (MEDIUM): The script generates a StarBasic macro and writes it to the user's LibreOffice configuration directory for execution via the soffice command. This runtime generation and execution of script code represents a risk surface.\n- Persistence Mechanisms (MEDIUM): The script modifies the user's permanent application configuration by adding a macro to the LibreOffice Standard library, which remains on the system indefinitely.\n- Indirect Prompt Injection (LOW): The skill processes untrusted Excel files which could contain malicious logic or exploit vulnerabilities in the parsing software. 1. Ingestion points: recalc.py via command-line arguments. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess execution of system binaries (soffice). 4. Sanitization: Absent.\n- Unverifiable Dependencies & Remote Code Execution (LOW): The script imports the openpyxl library without version pinning, relying on the environment's current state.
Audit Metadata