xlsx

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Category: COMMAND_EXECUTION
Full Analysis
  • Dynamic Execution (MEDIUM): The script generates a LibreOffice Basic macro (Module1.xba) at runtime and writes it to the local filesystem to enable headless recalculation.
  • Persistence Mechanisms (MEDIUM): By writing the macro to the LibreOffice application profile directory, the script introduces persistent code that remains on the system across sessions.
  • Command Execution (LOW): The script executes system commands via subprocess.run to invoke the LibreOffice (soffice) headless binary and the timeout/gtimeout utility.
  • Indirect Prompt Injection (LOW): The skill ingests untrusted Excel files and extracts cell content into a JSON report. Evidence:
      1. Ingestion points: recalc.py using openpyxl.
      2. Boundary markers: None present.
      3. Capability inventory: subprocess.run (soffice), file write operations.
      4. Sanitization: None.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:33 PM