xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script recalc.py interacts with the system shell to execute the soffice (LibreOffice) command and the timeout utility using the subprocess module to perform headless spreadsheet operations.
- [COMMAND_EXECUTION]: The skill dynamically creates a StarBasic macro file (Module1.xba) within the user's local LibreOffice configuration directory and subsequently triggers its execution using a vnd.sun.star.script URI scheme.
- [PROMPT_INJECTION]: The skill contains deceptive metadata, identifying itself as 'official' and carrying 'Anthropic, PBC' copyright and license headers, which conflicts with the actual author identification provided in the context.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection, as it is designed to ingest and process data from external spreadsheet files (.xlsx, .csv) without implementing content sanitization or boundary markers while maintaining significant system capabilities.
  - Ingestion points: Operations like pd.read_excel('file.xlsx') and load_workbook('existing.xlsx') described in SKILL.md.
  - Boundary markers: Absent; there are no instructions to the agent to treat cell contents as untrusted data or to ignore embedded instructions.
  - Capability inventory: Includes system command execution via subprocess and local file system write access.
  - Sanitization: Absent; the skill does not include logic for filtering or escaping data retrieved from spreadsheet cells.
Audit Metadata