xlsx-official
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The recalc.py script executes system commands via subprocess.run to invoke LibreOffice (soffice) and system timeout utilities.
- [COMMAND_EXECUTION]: The skill performs persistent environment modification by writing StarBasic macro files to local LibreOffice configuration directories (~/.config/libreoffice or ~/Library/Application Support/LibreOffice).
- [REMOTE_CODE_EXECUTION]: The script recalc.py dynamically generates StarBasic code at runtime, saves it as a macro file, and subsequently executes it via the LibreOffice API.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when processing untrusted Excel and CSV files.
- Ingestion points: Files are read using pandas.read_excel and openpyxl.load_workbook as described in SKILL.md.
- Boundary markers: None identified.
- Capability inventory: Subprocess execution and filesystem write operations are present in the associated scripts.
- Sanitization: No validation or sanitization of ingested spreadsheet content is performed.
Audit Metadata