Skills
skills/rabbit-ivan/ivan-skills/xlsx/Gen Agent Trust Hub

xlsx

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The recalc.py script executes the soffice command locally to perform headless formula recalculation in Excel files.
  • [PROMPT_INJECTION]: The skill processes external spreadsheet files, which represents an indirect prompt injection surface. Ingestion points: Data is loaded via pandas.read_excel and load_workbook as described in SKILL.md and implemented in recalc.py. Boundary markers: No explicit delimiters are specified for spreadsheet cell content. Capability inventory: The skill can read/write files and execute local system commands (soffice). Sanitization: No sanitization of cell content is performed.
  • [COMMAND_EXECUTION]: The recalc.py script dynamically generates a LibreOffice Basic macro file and saves it to the local user configuration directory to facilitate automated spreadsheet processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 11:00 AM