Skills
skills/k-dense-ai/scientific-agent-skills/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute system commands including soffice, gcc, and git. In scripts/office/soffice.py, it performs runtime compilation of embedded C source code and injects the resulting shared object into the LibreOffice process using LD_PRELOAD. This is used to shim Unix socket behavior in restricted VM environments but involves high-risk process injection techniques.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its interaction with untrusted spreadsheet files.\n
  • Ingestion points: Processes external spreadsheet data (.xlsx, .csv) via pandas and openpyxl in SKILL.md and scripts/recalc.py.\n
  • Boundary markers: Absent. There are no delimiters or specific instructions to isolate cell data from the agent's command context.\n
  • Capability inventory: The skill possesses significant capabilities, including arbitrary file system access and shell command execution via subprocess.run in multiple scripts.\n
  • Sanitization: Absent. Spreadsheet content is processed and integrated into the agent's context without sanitization or instruction-filtering.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 9, 2026, 10:14 PM