xlsx
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DYNAMIC_EXECUTION]: Runtime creation and compilation of system components.
- The script
scripts/office/soffice.pygenerates a C source file and compiles it usinggccinto a shared library (lo_socket_shim.so). - This library is loaded via the
LD_PRELOADenvironment variable to shim socket system calls, allowing LibreOffice to function in restricted execution environments where AF_UNIX sockets are blocked. - [COMMAND_EXECUTION]: Systematic use of subprocesses for core spreadsheet tasks.
- The skill invokes several external utilities including
soffice(LibreOffice) for formula recalculation,gccfor library compilation,gitfor comparing document versions, andtimeoutfor process control. - [PERSISTENCE_MECHANISMS]: Persistent modification of application configuration state.
- The script
scripts/recalc.pywrites a StarBasic macro to the user's LibreOffice configuration directory (e.g.,~/.config/libreoffice/4/user/basic/Standard/Module1.xba). This is intended to automate spreadsheet recalculation but involves modifying application state across sessions. - [INDIRECT_PROMPT_INJECTION]: Processing of untrusted spreadsheet data.
- The skill parses and manipulates content from user-provided
.xlsx,.csv, and other spreadsheet files usingpandasandopenpyxl. This creates an entry point for adversarial data or malformed formulas to influence the agent's behavior. - [DATA_EXPOSURE_AND_EXFILTRATION]: Potentially unsafe XML parsing during validation.
- The validation components in
scripts/office/validators/utilizelxml.etreeto parse XML components of Office documents. Without explicit entity resolution restrictions, this could potentially expose the environment to XML External Entity (XXE) vulnerabilities when processing malicious files.
Audit Metadata