xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The script uses `subprocess.run` to execute `soffice` (LibreOffice) and system timeout utilities (`timeout` or `gtimeout`). These calls are essential for the primary purpose of recalculating Excel files but involve system-level process spawning.
- [DYNAMIC_EXECUTION] (LOW): The skill programmatically generates a StarBasic macro (`Module1.xba`) and writes it to the local filesystem to enable automated workbook calculations within the LibreOffice environment.
- [PERSISTENCE_MECHANISMS] (LOW): By writing the macro to the user's LibreOffice configuration directory (e.g., `~/.config/libreoffice/`), the script leaves a persistent artifact that remains after the process completes.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external Excel files provided via command-line arguments. While it identifies formula errors, the processing of untrusted files by a complex application like LibreOffice represents a theoretical attack surface for document-based exploits.
  - Ingestion points: Reads files provided via `sys.argv[1]` in `recalc.py`.
  - Boundary markers: None; the file content is processed directly by LibreOffice and `openpyxl`.
  - Capability inventory: File system writes (`open`), directory creation (`os.makedirs`), and command execution (`subprocess.run`).
  - Sanitization: Validates file existence via `Path.exists()` but does not sanitize the content of the Excel file before calculation.
Audit Metadata