Skills
skills/doyoonear/skills-and-agents/xlsx/Gen Agent Trust Hub

xlsx

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script recalc.py uses subprocess.run to execute the soffice (LibreOffice) binary for formula recalculation.
  • [COMMAND_EXECUTION]: To facilitate recalculation, recalc.py dynamically writes a LibreOffice Basic macro (Module1.xba) to the user's application configuration directory and executes it via the system command line.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from external spreadsheet files without explicit sanitization or boundary markers.
  • Ingestion points: Data enters the agent context through pd.read_excel() and load_workbook() calls mentioned in SKILL.md.
  • Boundary markers: The skill does not implement delimiters or 'ignore' instructions to separate untrusted spreadsheet data from internal logic.
  • Capability inventory: The agent has the capacity to write files (wb.save, df.to_excel) and execute system commands via the recalc.py helper.
  • Sanitization: There is no evidence of data validation or content filtering for data extracted from spreadsheets.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 06:39 AM