Skills
skills/davila7/claude-code-templates/xlsx/Gen Agent Trust Hub

xlsx

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The recalc.py script executes the soffice (LibreOffice) binary via subprocess.run to perform formula recalculations in a headless environment. This is a standard and necessary procedure for headless spreadsheet processing.\n- [PROMPT_INJECTION]: The skill processes external spreadsheet data which presents an indirect prompt injection surface.\n
  • Ingestion points: Spreadsheet files loaded via pandas or openpyxl as described in SKILL.md.\n
  • Boundary markers: None identified in the provided files.\n
  • Capability inventory: Subprocess execution and arbitrary Python calculation for spreadsheet logic.\n
  • Sanitization: No validation of data read from spreadsheet cells is performed before processing.\n- [SAFE]: The skill uses trusted libraries and well-known tools for its primary purpose without suspicious network or file activity.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 05:00 AM