xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The recalc.py script uses the subprocess module to invoke the soffice command from LibreOffice for headless formula recalculation.
  - Evidence: The recalc function in the provided script constructs a command list starting with 'soffice' and executes it using subprocess.run().
- [COMMAND_EXECUTION]: The skill dynamically creates and manages a LibreOffice macro to automate workbook operations such as calculation and saving.
  - Evidence: The setup_libreoffice_macro function in recalc.py writes XML macro content to a Module1.xba file within the user's LibreOffice configuration directory.
- [PROMPT_INJECTION]: The skill presents a potential surface for indirect prompt injection by reading external spreadsheet data while maintaining command execution capabilities.
  - Ingestion points: External data is ingested through pd.read_excel() and openpyxl.load_workbook() as demonstrated in the SKILL.md examples.
  - Boundary markers: The provided prompts and scripts do not include specific delimiters or instructions to the agent to disregard embedded commands in the processed data.
  - Capability inventory: The skill has the capability to execute the soffice binary and write to the local file system.
  - Sanitization: No specific content-based sanitization or filtering is performed on spreadsheet values before processing.