xlsx
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The script
scripts/office/soffice.pycontains logic to write a C source file to the system's temporary directory, compile it into a shared library usinggcc, and then use theLD_PRELOADenvironment variable to inject this library into thesoffice(LibreOffice) process. This is used to shim system calls related to AF_UNIX sockets, which may be blocked in some environments. - [COMMAND_EXECUTION]: The skill makes several calls to external system binaries using
subprocess.run: gcc: Used to compile the compatibility shim inscripts/office/soffice.py.soffice: The primary LibreOffice binary used for formula recalculation inscripts/recalc.pyandscripts/office/soffice.py.git: Used for generating document diffs inscripts/office/validators/redlining.py.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and process untrusted spreadsheet data (XLSX, CSV, etc.) from users. This data is then interpreted by the agent, creating a surface where malicious instructions embedded in a spreadsheet could attempt to influence the agent's behavior. The skill includes some XML sanitization via the
defusedxmllibrary, which mitigates standard XML-based attacks.
Audit Metadata