Skills
skills/promptadvisers/claude-code-polished-documents-skills/xlsx/Gen Agent Trust Hub

xlsx

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): Detected surface for indirect prompt injection as the skill processes external Excel files.
  • Ingestion points: recalc.py reads user-provided Excel files using the openpyxl library.
  • Boundary markers: Absent. The script identifies and returns cell coordinates and error strings (e.g., #REF!) which are then passed to the agent context without specific encapsulation.
  • Capability inventory: The script can execute subprocesses (soffice) and read/write files in the local filesystem.
  • Sanitization: Input filenames are converted to absolute paths and passed as list arguments to subprocess.run, which prevents shell injection.
  • COMMAND_EXECUTION (SAFE): The script executes soffice and timeout using subprocess.run with a list of arguments. This is a best-practice implementation that prevents command injection.
  • Persistence (LOW): The setup_libreoffice_macro function writes a StarBasic macro to the user's LibreOffice configuration directory (Module1.xba). While this is a persistent modification of application configuration, it is the primary mechanism required for the skill's stated purpose and contains no malicious logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 05:23 PM