xlsx-processing-anthropic
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The script 'recalc.py' dynamically generates a LibreOffice Basic macro (Module1.xba) and writes it to the user's application configuration directory (~/.config/libreoffice or ~/Library/Application Support/LibreOffice). While this is a functional requirement for the skill to perform recalculations, writing to config paths and executing generated code via subprocess is a sensitive behavior.
- [Indirect Prompt Injection] (LOW): The skill possesses a data ingestion surface for external Excel files and has the capability to write to the filesystem and execute system commands.
  - Ingestion points: 'recalc.py' uses the 'openpyxl' library to read user-provided Excel files.
  - Boundary markers: None; cell content is processed directly to identify error strings.
  - Capability inventory: The script uses 'subprocess.run' to execute 'soffice' and 'timeout' commands and performs file writes via the LibreOffice macro.
  - Sanitization: Cell data is not sanitized or escaped before being included in the JSON result summary returned to the agent.
Audit Metadata