xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Dynamic Execution (LOW): The script recalc.py dynamically generates a LibreOffice Basic macro (Module1.xba) and writes it to the user's local configuration directory (~/.config/libreoffice or ~/Library/Application Support/LibreOffice). It then executes this macro via a specific URI scheme to perform Excel recalculations. While this is a functional requirement for the skill, writing and triggering execution of dynamic scripts is a sensitive operation.
- Indirect Prompt Injection (LOW): The skill processes untrusted Excel files and extracts sheet names and cell coordinates to report errors. A maliciously crafted Excel file could use sheet names to inject instructions into the agent's context when it reviews the output JSON.
- Ingestion points: recalc.py reads data from user-provided Excel files using the openpyxl library.
- Boundary markers: The output JSON does not use delimiters or explicit warnings to separate untrusted content (like sheet names) from the tool's summary.
- Capability inventory: The script has the capability to execute shell commands (soffice, timeout) and write to the local filesystem.
- Sanitization: No sanitization or validation is performed on the metadata or strings extracted from the workbook before reporting them.
Audit Metadata