xlsx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The script uses 'subprocess.run' to execute the 'soffice' system binary, passing user-controlled file paths as arguments.
- PERSISTENCE (HIGH): The 'setup_libreoffice_macro' function writes a StarBasic macro to the user's persistent configuration directory (e.g., ~/.config/libreoffice or ~/Library/Application Support/LibreOffice), which remains on the system after execution.
- INDIRECT PROMPT INJECTION (HIGH): The skill possesses a significant attack surface by ingesting external Excel files. Mandatory Evidence Chain: 1. Ingestion points: recalc.py reads filenames and processes their content via openpyxl and soffice. 2. Boundary markers: None present to delimit data from potential malicious payloads. 3. Capability inventory: Script has file system write access and system command execution. 4. Sanitization: No sanitization of spreadsheet content or structure is performed.
- DYNAMIC EXECUTION (MEDIUM): The script generates executable StarBasic code at runtime and saves it to the filesystem before invoking it via a specialized URI scheme.
Recommendations
- AI detected serious security threats
Audit Metadata