xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The
recalc.pyscript automatically installs a StarBasic macro (Module1.xba) into the user's LibreOffice configuration directory (~/.config/libreoffice/ or ~/Library/Application Support/LibreOffice/). This modification persists after the skill execution and alters the behavior of the local LibreOffice installation. - Command Execution (MEDIUM): The script uses
subprocess.runto execute thesoffice(LibreOffice) binary. It also attempts to executetimeoutorgtimeoutbinaries depending on the host operating system to manage execution limits. - Dynamic Execution (MEDIUM): The script generates executable XML-based code (the .xba macro) at runtime and then instructs LibreOffice to execute it via a specialized URI (
vnd.sun.star.script). - Indirect Prompt Injection (LOW):
- Ingestion points: The script reads external untrusted data from Excel files using the
openpyxllibrary inrecalc.py. - Boundary markers: No explicit delimiters or instructions are used to separate file data from agent instructions.
- Capability inventory: The script has the capability to write to the filesystem (macro installation) and execute system commands (subprocess).
- Sanitization: The script limits the injection surface by only returning cell coordinates and error types to the agent, rather than full cell content, though it does not explicitly sanitize the sheet names used in the coordinates.
Audit Metadata