xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The script invokes
soffice(LibreOffice) viasubprocess.run. While it avoids shell injection by passing arguments as a list, executing a full office suite to process external files involves running a complex environment that could be targeted by document-based exploits. - [DYNAMIC_EXECUTION] (MEDIUM): The skill dynamically creates a LibreOffice Basic macro file (
Module1.xba) in the user's application configuration directory at runtime. It then triggers this macro using avnd.sun.star.scriptURI. Generating and executing script files at runtime is a sensitive pattern that can be used to bypass static analysis. - [PERSISTENCE_MECHANISMS] (LOW): The script modifies the persistent configuration of LibreOffice by creating or overwriting files in
~/.config/libreofficeor~/Library/Application Support/LibreOffice. These changes persist on the host system after the skill has finished its task.
Audit Metadata