xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a local Python script,
recalc.py, which uses LibreOffice to recalculate formulas in Excel workbooks. - [EXTERNAL_DOWNLOADS]: According to the documentation, the
recalc.pyscript automatically configures LibreOffice on its first run, which involves setting up external dependencies required for the skill's operation. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from spreadsheets and contains a directive stating that 'Existing template conventions ALWAYS override these guidelines.' The mandatory evidence chain is as follows:
- Ingestion points: Untrusted data is read from files using
pd.read_excel()andload_workbook(). - Boundary markers: There are no markers or instructions to isolate file content from the agent's logic.
- Capability inventory: The skill has permissions to write files, execute Python code, and perform command-line operations.
- Sanitization: No sanitization or validation of the input data is described.
Audit Metadata