xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from spreadsheet files without adequate protection.
- Ingestion points: Files are read using pandas.read_excel and openpyxl.load_workbook as described in SKILL.md and implemented in recalc.py.
- Boundary markers: None. Nothing marks the boundary between spreadsheet data and any instruction-like text the files may contain.
- Capability inventory: The skill has the ability to write to the file system (wb.save) and execute local shell commands via the recalc.py script.
- Sanitization: Absent. No logic is provided to sanitize or validate the content of processed spreadsheets.
- [COMMAND_EXECUTION]: The recalc.py script uses the Python subprocess module to execute the soffice (LibreOffice) binary. It performs system-level checks to handle timeouts and configuration paths on Linux and macOS, and writes a StarBasic macro to the user's local LibreOffice configuration directory to perform formula recalculations.