xlsx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Persistence Mechanisms] (HIGH): The script modifies the user's LibreOffice configuration by writing a StarBasic macro (Module1.xba) to the user's application configuration directory (~/.config/libreoffice or ~/Library/Application Support/LibreOffice). This persists changes to the local environment and alters the behavior of the office suite without explicit user consent for configuration changes.
- [Indirect Prompt Injection] (HIGH):
  - Ingestion points: Reads external Excel files via the filename argument in recalc.py.
  - Boundary markers: Absent. The script treats the entire file as data to be processed by the calculation engine.
  - Capability inventory: Uses subprocess.run to invoke the soffice binary and uses the openpyxl library for file manipulation.
  - Sanitization: Absent. There is no validation or sanitization of the input file before it is passed to LibreOffice, creating a surface where maliciously crafted Excel files could exploit vulnerabilities in the office suite or the StarBasic interpreter.
- [Command Execution] (MEDIUM): The script uses subprocess.run to execute system binaries (soffice, timeout, gtimeout). While it passes arguments as a list to mitigate basic shell injection, it relies on the presence and security of external system binaries, which can be manipulated if the environment is compromised.
- [Dynamic Execution] (MEDIUM): Generates executable StarBasic code at runtime and saves it to a local file for execution via a custom URI scheme (vnd.sun.star.script). Although the template is currently static, this pattern is a vector for runtime code injection.
Recommendations
- AI detected serious security threats
Audit Metadata