xlsx

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script recalc.py executes the soffice (LibreOffice) binary via subprocess.run. Although it passes arguments as a list to prevent shell injection, it invokes external system-level software with access to the filesystem.
  • [PERSISTENCE] (MEDIUM): The setup_libreoffice_macro function in recalc.py writes a StarBasic macro (Module1.xba) to the user's local LibreOffice configuration directory (~/.config/libreoffice or ~/Library/Application Support/LibreOffice). The change persists across sessions and alters the behavior of the LibreOffice application.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted Excel files, creating a surface for indirect prompt injection.
      1. Ingestion points: load_workbook(filename) in recalc.py.
      2. Boundary markers: Absent.
      3. Capability inventory: subprocess.run (command execution) and openpyxl (file reading).
      4. Sanitization: Absent; cell values are extracted and reported to the agent, which could be manipulated if cell content contains malicious instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 04:49 PM