xlsx
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- Dynamic Execution (HIGH): The skill performs runtime compilation of C code and process injection. In 'scripts/office/soffice.py', it writes C source code to a temporary file and executes 'gcc' to compile it into a shared library. This library is then injected into the 'soffice' process using the 'LD_PRELOAD' environment variable to intercept system socket calls.
- Persistence Mechanisms (HIGH): The script 'scripts/recalc.py' writes a StarBasic macro ('Module1.xba') to the user's LibreOffice configuration directory ('/.config/libreoffice/' or '/Library/Application Support/LibreOffice/'). This macro persists across application sessions and is globally available to the application.
- Command Execution (MEDIUM): Multiple scripts, including 'pack.py', 'recalc.py', 'redlining.py', and 'soffice.py', use 'subprocess.run' to execute external binaries such as 'gcc', 'git', 'soffice', and 'timeout'. The execution of a compiler on dynamically generated code is particularly high-risk.
- Indirect Prompt Injection (LOW): The skill processes complex, attacker-controllable Office documents (DOCX, PPTX, XLSX). This creates an attack surface where malicious data within the files could influence the agent's behavior.
  - Ingestion points: 'scripts/office/unpack.py' and 'scripts/office/validate.py' read external Office files.
  - Boundary markers: None identified.
  - Capability inventory: File system access and subprocess execution of compilers and office suites.
  - Sanitization: Partial. The skill uses 'defusedxml' for some XML operations but relies on 'lxml.etree' and 'xml.etree.ElementTree' in 'pptx.py' and 'redlining.py', which may have different security profiles regarding XML external entity (XXE) protection.
Recommendations
- AI detected serious security threats
Audit Metadata