xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script
recalc.pyto handle formula recalculation in Excel workbooks. - [REMOTE_CODE_EXECUTION]: The
recalc.pyscript is described as performing automated configuration of the LibreOffice environment during its first execution. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the processing of untrusted spreadsheet data. Evidence: 1. Ingestion points: Data entering through pandas and openpyxl methods in SKILL.md. 2. Boundary markers: No delimiters or ignore instructions for cell content are specified. 3. Capability inventory: Ability to execute commands and write files. 4. Sanitization: No sanitization of cell data before processing or recalculation is documented.
Audit Metadata