Excel Spreadsheet Handler
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Command Execution] (HIGH): The script dynamically generates StarBasic code and writes it to 'Module1.xba' in the user's LibreOffice configuration directory. It then executes this macro via 'subprocess.run' using the 'vnd.sun.star.script' protocol.
- [Indirect Prompt Injection] (HIGH): The script handles untrusted Excel data with high-privilege capabilities.
  1. Ingestion points: 'load_workbook' in recalc.py and 'soffice' filename argument.
  2. Boundary markers: None.
  3. Capability inventory: 'subprocess.run' for system commands and 'soffice' macro execution.
  4. Sanitization: None.
- [Persistence Mechanisms] (MEDIUM): The StarBasic macro written to the LibreOffice application profile persists after the script completes, permanently modifying the user's office environment.
Recommendations
- AI detected serious security threats