xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [Persistence Mechanisms] (MEDIUM): The script modifies the user's application configuration by creating a persistent LibreOffice macro file (
Module1.xba) in~/.config/libreofficeor~/Library/Application Support/LibreOffice. This configuration remains on the system after the skill completes execution. - [Dynamic Execution] (MEDIUM): The skill dynamically generates LibreOffice Basic code (
RecalculateAndSavemacro) and executes it via thesofficebinary. This pattern of script generation and execution is a common security concern, although the macro content here is hardcoded. - [Indirect Prompt Injection] (LOW): The skill processes external Excel files and returns cell contents (error locations and types) to the agent. This creates a surface where malicious data in a spreadsheet could influence agent behavior.
- Ingestion points:
recalc.py(lines 103, 119) loads and iterates through all cells in the provided Excel file. - Boundary markers: None. The script does not use delimiters or warnings when processing cell content.
- Capability inventory:
subprocess.run(lines 39, 79) executes external commands includingsofficeandtimeoututilities. - Sanitization: None. Cell values are checked for specific error strings and the resulting locations are returned as raw strings.
- [Command Execution] (LOW): The skill invokes several external binaries (
soffice,timeout,gtimeout) usingsubprocess.run. While it uses list-based arguments to prevent shell injection, it relies on these tools being present and executable in the environment.
Audit Metadata