xlsx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from external Excel files (recalc.py) and possesses high-privilege capabilities including system command execution and file writing. There are no boundary markers or sanitization processes to prevent malicious formulas or content within a document from influencing the agent's behavior or exploiting the local environment during processing.
- [COMMAND_EXECUTION] (HIGH): The script creates a persistent StarBasic macro in the user's LibreOffice configuration directory (`~/.config/libreoffice/.../Module1.xba` or macOS equivalent) to enable formula calculation (Category 6). This modification persists across sessions and is executed automatically via the `soffice` command.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The script performs dynamic code generation (Category 10) by assembling StarBasic code as a string and writing it to a file that is then executed through the LibreOffice automation interface.
- [DATA_EXFILTRATION] (LOW): The script accesses arbitrary local files provided as command-line arguments. While no network exfiltration was detected, the tool provides a mechanism for the agent to read and process sensitive local data.
Recommendations
- AI detected serious security threats