xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Command Execution] (LOW): The script recalc.py invokes soffice (LibreOffice) and system timeout utilities (timeout or gtimeout) via subprocess.run. This is necessary for recalculating Excel formulas but involves executing external binaries.
- [Dynamic Execution] (LOW): The skill generates a StarBasic macro file (Module1.xba) and saves it to the LibreOffice user configuration directory. This macro is subsequently executed by the application to perform the recalculation. While this is a form of dynamic code generation, it uses a fixed template for a legitimate purpose.
- [Indirect Prompt Injection] (LOW): The skill parses Excel files and returns cell locations and sheet names in its output. There is a potential surface for indirect prompt injection if the calling agent does not sanitize these strings before further processing.
Audit Metadata