xlsx
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py performs runtime compilation of C code and utilizes LD_PRELOAD to inject the resulting shared library into the LibreOffice process. This technique is used to shim socket calls in restricted environments but increases the overall attack surface of the skill.
- [COMMAND_EXECUTION]: Multiple scripts utilize subprocess.run to interact with the host system. This includes executing soffice for spreadsheet tasks, gcc for compiling the socket shim, and git for generating document differences in scripts/office/validators/redlining.py.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it ingests data from untrusted spreadsheet files without adequate boundary markers or sanitization while maintaining powerful command execution capabilities. Ingestion points include pandas.read_excel and openpyxl.load_workbook used in recalc.py and the main skill instructions.
Audit Metadata