data-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill's primary functions involve data processing and reporting using well-known libraries such as pandas, openpyxl, and python-pptx.
  • [COMMAND_EXECUTION]: The skill uses scripts/recalc.py to execute the LibreOffice soffice binary for Excel formula recalculation. The implementation uses a structured command list with subprocess.run, which safely handles argument escaping and prevents command injection.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface via scripts/profile_data.py (CSV) and scripts/recalc.py (XLSX). While this represents an interface for untrusted data, the processing is handled through standard data science libraries (pandas, openpyxl) without unsafe interpolation into LLM prompts, and the behavior is expected for a data analysis utility.
  • [DYNAMIC_EXECUTION]: scripts/recalc.py generates a static LibreOffice Basic macro (Module1.xba) in the user's application configuration directory to enable automation. This is a transparent, template-based configuration step necessary for the skill's Excel integration and does not involve the execution of arbitrary or obfuscated runtime-generated code.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 04:22 AM