Skills
skills/heyflouai/ikf-central-dashboard/xlsx/Gen Agent Trust Hub

xlsx

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • Dynamic Execution (LOW): The script recalc.py generates a LibreOffice Basic macro (Module1.xba) and writes it to the local filesystem (~/.config/libreoffice or similar). This is required to trigger a full recalculation via the command line. The macro code is hardcoded and limited to calling calculateAll() and store(). While typically a MEDIUM concern, the severity is lowered because this behavior is essential to the skill's primary purpose.
  • Persistence Mechanisms (LOW): The macro file persists in the user's LibreOffice configuration folder after the script finishes. This is a minor modification of the local environment to support ongoing functionality.
  • Command Execution (LOW): The script invokes the soffice binary and timeout/gtimeout utilities using subprocess.run. It uses a list for arguments rather than a shell string, which prevents command injection vulnerabilities from malicious filenames.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 02:18 AM