Documents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Persistence Mechanisms] (LOW): The
Xlsx/recalc.pyscript modifies the local LibreOffice configuration by writing a StarBasic macro to the user's application profile (e.g.,~/.config/libreoffice/4/user/basic/Standard/Module1.xba). This modification persists across sessions to enable Excel formula recalculation. - [Dynamic Execution] (LOW):
Xlsx/recalc.pydynamically generates and saves StarBasic code at runtime before executing it through the LibreOffice binary. This behavior is tied to the skill's primary function. - [Command Execution] (LOW): The skill uses
subprocess.runto invoke thesoffice(LibreOffice) binary for document validation and formula recalculation. While functional, this creates a dependency on external binary execution. - [Indirect Prompt Injection] (LOW): The skill processes untrusted documents (PDF, DOCX, PPTX, XLSX) and extracts data into structured formats interpreted by the agent. 1. Ingestion points: PDF and Office files provided by users. 2. Boundary markers: Instructional guidelines are present in
Pdf/forms.md, but extracted data lacks strict delimiters. 3. Capability inventory: Includes subprocess execution of LibreOffice, file system writes, and XML parsing. 4. Sanitization: Employs thedefusedxmllibrary to mitigate XML External Entity (XXE) vulnerabilities during file parsing.
Audit Metadata