xlsx

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
  • [Persistence Mechanisms] (HIGH): The script modifies the global LibreOffice macro library by writing to the user's configuration directory (e.g., ~/.config/libreoffice/4/user/basic/Standard/Module1.xba). This macro becomes a permanent part of the local installation and is loaded on every application startup.
  • [Indirect Prompt Injection] (HIGH): The skill processes external Excel files (untrusted data) and triggers local command execution to process them.
      1. Ingestion points: The filename argument passed to the recalc function in recalc.py.
      2. Boundary markers: Absent; the script processes the raw workbook content directly.
      3. Capability inventory: Use of subprocess.run to execute soffice and file-system write access to configuration directories.
      4. Sanitization: Absent; no validation of file content or structure is performed before passing it to the office calculation engine.
  • [Dynamic Execution] (HIGH): The script performs runtime generation of executable StarBasic macro code. It writes this code to a persistent configuration file and executes it via the vnd.sun.star.script URI protocol, increasing the system's attack surface.
  • [Command Execution] (MEDIUM): The script invokes external binaries (soffice, timeout, or gtimeout) via subprocess.run to process untrusted files. While arguments are handled as a list to prevent shell injection, executing a complex office suite on untrusted data carries inherent security risks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:51 PM