xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The script utilizes
subprocess.runto callsoffice(LibreOffice) and system timeout commands. It correctly passes arguments as a list rather than a shell string, which prevents command injection vulnerabilities. Use ofshutil.whichensures the binary is correctly located on the system. - EXTERNAL_DOWNLOADS (SAFE): The script specifies
openpyxlas a dependency viauvscript metadata.openpyxlis a widely trusted and standard library for Excel file manipulation. No untrusted or remote scripts are downloaded. - DYNAMIC_EXECUTION (SAFE): The script generates a LibreOffice Basic macro (
Module1.xba) and saves it to the user's application configuration directory (~/.configor~/Library/Application Support). This is a necessary functional step to enable formula recalculation via the command line, and the generated code is hardcoded and benign. - DATA_EXFILTRATION (SAFE): Analysis of the source code confirms there are no network operations or unauthorized file access. The script only reads the specified Excel file and its own configuration files.
Audit Metadata