3-statement-model

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/recalc.py invokes the soffice (LibreOffice) binary through subprocess.run. The call passes its arguments as a list and does not set shell=True, so no shell ever parses the command line and metacharacters inside an argument cannot start a second command. The list form rules out shell injection only; it does not validate the arguments themselves, so any workbook path derived from user input should still be checked before it is handed to soffice.
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing openpyxl via pip and LibreOffice via system package managers (brew, apt). These are standard dependencies for Excel automation and document processing.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest data from external sources, specifically SEC filings and user-provided Excel templates. This is an entry point for untrusted content. The skill's focus on structured financial figures and the extensive 'Master Check' validation logic in its instructions reduce the exposure, though they do not remove it: filing prose, cell text and workbook comments remain free-form and can carry instructions aimed at the agent.
  • [SAFE]: No malicious patterns such as credential exfiltration, obfuscation, or persistence mechanisms were detected. The technical implementation aligns with the stated financial modeling purpose.
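The following is an added example, not code from the audited 3-statement-model skill. It illustrates the COMMAND_EXECUTION finding above: what the argv-list form of subprocess.run prevents, what it does not, and one way to close the remaining gap before a user-supplied workbook name reaches soffice. The soffice flags, the directory layout, and the workbook names are constructed for the example and are assumptions, not taken from scripts/recalc.py.

```python
"""Added example, not code from the audited 3-statement-model skill.

Shows why an argv list without shell=True blocks shell injection, and why
argument validation is still needed on top of it. The soffice flags, the
directory names and the workbook names below are constructed assumptions.
"""
import shlex
import subprocess
import tempfile
from pathlib import Path

# Constructed attacker-controlled workbook name carrying a shell metacharacter.
HOSTILE_NAME = "model; touch pwned.xlsx"
ALLOWED_SUFFIXES = {".xlsx", ".xlsm"}


def shell_tokens(workbook: str) -> list[str]:
    """What a shell would make of the unsafe pattern, i.e. a formatted string
    handed to subprocess.run(..., shell=True). Tokenised with shlex so nothing
    is executed; ';' comes back as its own token, starting a second command."""
    cmd = f"soffice --headless --convert-to xlsx {workbook}"
    return list(shlex.shlex(cmd, punctuation_chars=True))


def argv_command(workbook: Path) -> list[str]:
    """The pattern the audit credits: one argv element per argument and no
    shell, so the hostile name stays inside a single argument."""
    return ["soffice", "--headless", "--convert-to", "xlsx", str(workbook)]


def safe_workbook_path(name: str, base_dir: Path) -> Path:
    """The gap the argv list does not close: traversal and option injection.
    Resolves the name under base_dir, refuses anything that escapes it or is
    not a workbook, and returns an absolute path, which can never be mistaken
    for an soffice option (those begin with '-')."""
    base = base_dir.resolve()
    path = (base / name).resolve()
    if base not in path.parents:
        raise ValueError(f"workbook escapes {base}: {name!r}")
    if path.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"not a workbook: {name!r}")
    if not path.is_file():
        raise FileNotFoundError(path)
    return path


def recalc(name: str, base_dir: Path) -> subprocess.CompletedProcess:
    """Validate, then run soffice with the list form (never shell=True).
    check=True surfaces a non-zero exit; timeout bounds a hung conversion."""
    cmd = argv_command(safe_workbook_path(name, base_dir))
    return subprocess.run(cmd, check=True, capture_output=True, timeout=300)


def demo() -> dict:
    """Exercise the helpers offline; soffice is never invoked here."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / HOSTILE_NAME).write_bytes(b"PK")  # constructed placeholder file
        results = {
            "shell_tokens": shell_tokens(HOSTILE_NAME),
            "argv": argv_command(base / HOSTILE_NAME),
            "hostile_is_absolute": safe_workbook_path(HOSTILE_NAME, base).is_absolute(),
        }
        for bad in ("../etc/passwd", "notes.txt", "--version"):
            try:
                safe_workbook_path(bad, base)
                results[bad] = "accepted"
            except (ValueError, FileNotFoundError) as exc:
                results[bad] = type(exc).__name__
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hostile name is harmless in the list form because it is one argv element; the same name formatted into a shell string would run `touch pwned.xlsx` as a second command. Resolving to an absolute path under a fixed directory is what stops a name such as `--version` from being read by soffice as an option.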
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 15, 2026, 08:10 AM