xlsx

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (primary finding: COMMAND_EXECUTION)

Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The script uses subprocess.run to invoke the soffice binary. Passing an argument list rather than a shell string mitigates basic shell injection, but executing an external binary on user-provided file paths remains a sensitive capability.
    ◦ Evidence: recalc.py uses subprocess.run to call soffice with a macro command string.
  • DYNAMIC_EXECUTION (MEDIUM): The script programmatically creates a StarBasic macro, writes it into the user's local LibreOffice configuration directory, and then triggers its execution.
    ◦ Evidence: recalc.py: setup_libreoffice_macro writes Module1.xba to ~/.config/libreoffice or the macOS equivalent.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted Excel data and extracts cell contents (error strings), which are then reported to the LLM.
    ◦ Ingestion point: recalc.py uses openpyxl.load_workbook to read external files.
    ◦ Boundary markers: none present.
    ◦ Capability inventory: subprocess execution and filesystem write.
    ◦ Sanitization: cell values are processed without sanitization or validation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:31 PM