xlsx

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The provided recalc.py script executes the soffice (LibreOffice) command and system timeout utilities (timeout or gtimeout) to perform formula recalculation. These commands are executed safely using argument lists rather than shell strings.
  • [PROMPT_INJECTION]: The skill processes untrusted spreadsheet data (.xlsx, .csv, etc.), which presents a surface for indirect prompt injection attacks.
      • Ingestion points: Data is ingested via pd.read_excel and load_workbook as described in SKILL.md.
      • Boundary markers: None identified in the provided instructions.
      • Capability inventory: Includes file system access, file writing, and local command execution via the recalc.py script.
      • Sanitization: No explicit sanitization or validation of spreadsheet content is implemented.
  • [SAFE]: The recalc.py script performs necessary configuration by writing a LibreOffice macro to the user's application configuration directory (e.g., ~/.config/libreoffice/ or ~/Library/Application Support/LibreOffice/). This is a legitimate functional requirement for automated recalculation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 06:02 AM