xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess calls to execute system utilities for document processing. This includes invoking LibreOffice (`soffice`) for formula recalculation, `git` for generating text diffs during validation, and `gcc` for compiling a compatibility shim.
  - Evidence: Found in `scripts/recalc.py`, `scripts/office/soffice.py`, and `scripts/office/validators/redlining.py`.
- [COMMAND_EXECUTION]: To support automated document saving and calculation, the skill programmatically creates a StarBasic macro file within the user's application configuration directory.
  - Evidence: Logic for writing `Module1.xba` is located in `scripts/recalc.py`.
- [COMMAND_EXECUTION]: For operation in restricted environments where Unix sockets might be blocked, the skill generates a C-based shim at runtime and utilizes `LD_PRELOAD` to intercept and redirect socket calls for LibreOffice.
  - Implementation details are contained in `scripts/office/soffice.py`.
- [PROMPT_INJECTION]: The skill processes untrusted external files (XLSX, DOCX, PPTX), which represents an indirect prompt injection surface. Maliciously crafted document content could potentially influence the AI agent's logic if extracted data is used in downstream reasoning tasks without strict validation.
  - Ingestion points include the unpacking and recalculation workflows in `scripts/office/unpack.py` and `scripts/recalc.py`.
Audit Metadata