xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `recalc.py` script uses `subprocess.run` to invoke the `soffice` (LibreOffice) binary in headless mode for spreadsheet recalculation.
- [REMOTE_CODE_EXECUTION]: The script `recalc.py` dynamically generates an XML-based StarBasic macro (`Module1.xba`) and saves it to the user's LibreOffice application configuration directory (`~/.config/libreoffice/` or `~/Library/Application Support/LibreOffice/`). This macro is subsequently executed to calculate formulas within Excel workbooks.
- [COMMAND_EXECUTION]: The documentation in `SKILL.md` instructs the agent to execute a script named `scripts/generate_schematic.py` for diagram generation, although this script is not bundled with the provided skill files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted spreadsheet data.
  - Ingestion points: External data is loaded using `pandas.read_excel()` and `openpyxl.load_workbook()` in both documentation examples and the `recalc.py` utility.
  - Boundary markers: There are no markers or specific instructions to isolate the data content from the agent's control logic.
  - Capability inventory: The agent possesses file system write access and the ability to execute system commands via the provided scripts.
  - Sanitization: No validation or sanitization is performed on the spreadsheet content before it is processed or used in calculations.
Audit Metadata