xlsx

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The utility script recalc.py dynamically generates a LibreOffice Basic macro and writes it to the user configuration directory before executing it via subprocess.run. This qualifies as dynamic script generation and execution for formula verification.
  • EXTERNAL_DOWNLOADS (LOW): The skill metadata references the anthropics/skills GitHub repository, which is a recognized trusted source.
  • PROMPT_INJECTION (LOW): This skill is vulnerable to indirect prompt injection through ingested spreadsheet data.
      1. Ingestion points: recalc.py and examples.md (via pandas and openpyxl).
      2. Boundary markers: Absent.
      3. Capability inventory: Subprocess execution and filesystem writes.
      4. Sanitization: No validation or escaping of cell content is implemented.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 03:27 PM