xlsx

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: Runtime compilation and process injection are used to shim system calls.
      • Evidence: scripts/office/soffice.py writes C source code to a temporary file and compiles it into a shared library using gcc.
      • Evidence: It executes soffice with LD_PRELOAD set to the path of the compiled shared object to facilitate socket operations in restricted environments.
  • [COMMAND_EXECUTION]: Several scripts invoke system-level utilities.
      • Evidence: scripts/recalc.py and scripts/office/validate.py perform subprocess calls to soffice, git, and gtimeout.
  • [PROMPT_INJECTION]: The skill processes untrusted spreadsheet data and possesses powerful tool capabilities, creating a surface for indirect prompt injection.
      • Ingestion points: Data from spreadsheet files is ingested using pandas and openpyxl.
      • Boundary markers: No delimiters or instructions are used to isolate untrusted data from the agent prompt.
      • Capability inventory: The skill can execute shell commands and write to the local file system.
      • Sanitization: No sanitization or validation of the ingested data is performed.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 5, 2026, 06:55 AM