xlsx-processing-anthropic

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The recalc.py script executes the soffice (LibreOffice) binary and system timeout or gtimeout utilities via subprocess.run. This is used specifically to recalculate formulas within Excel workbooks, as documented in the skill's workflow.
  • [DATA_EXFILTRATION]: The skill performs local file operations using pandas and openpyxl. No network operations or unauthorized data transmissions were detected.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data from external spreadsheet files.
      • Ingestion points: Data enters the agent's context through pandas.read_excel and openpyxl.load_workbook as described in SKILL.md.
      • Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore instructions embedded within spreadsheet cells.
      • Capability inventory: The skill possesses file-writing capabilities and command execution via the recalc.py script.
      • Sanitization: No explicit sanitization or filtering of cell content is implemented before processing.
  • [DYNAMIC_EXECUTION]: The recalc.py script dynamically generates a LibreOffice Basic macro (Module1.xba) in the user's local LibreOffice configuration directory. This macro is a fixed template used to automate the calculation of formulas and does not incorporate untrusted input into the executable code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 08:11 PM