The Agent Skills Directory

Dynamic Execution (HIGH): The script generates a StarBasic macro (Module1.xba) and writes it to the user's permanent LibreOffice profile directory (~/.config/libreoffice/ or ~/Library/Application Support/LibreOffice/). It then executes this generated code via the soffice command-line interface using a vnd.sun.star.script URI. This 'generate-then-execute' pattern in a persistent configuration path is a significant security risk.
Indirect Prompt Injection (HIGH): The skill is designed to process external, untrusted Excel files.
Ingestion points: recalc.py accepts a filename argument and processes the file's contents using both openpyxl and LibreOffice.
Boundary markers: Absent. There are no delimiters or instructions to ignore embedded malicious content within the Excel files.
Capability inventory: The skill can execute arbitrary commands via subprocess.run (soffice, timeout, gtimeout) and perform file-write operations through the LibreOffice macro (ThisComponent.store()).
Sanitization: None. The script does not validate or sanitize the Excel file before opening it in a high-privilege office environment.
Persistence Mechanism (MEDIUM): By installing a macro into the global LibreOffice 'Standard' library, the skill makes a persistent change to the user's environment that remains active across all future LibreOffice sessions, even when the skill is not running.

xlsx