xlsx
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- Persistence Mechanisms (HIGH): The script writes a LibreOffice macro file (
Module1.xba) to the user's application configuration directory (e.g.,~/.config/libreoffice/or~/Library/Application Support/LibreOffice/). This is a persistent modification of the host environment that remains across sessions. - Indirect Prompt Injection (HIGH): The skill processes untrusted external Excel files using complex system tooling.
- Ingestion points: Untrusted Excel file paths provided as arguments to
recalc.py. - Boundary markers: None. The skill assumes all content in the provided file is data to be processed.
- Capability inventory: High-privilege file modification via
soffice(LibreOffice) and file-read capabilities viaopenpyxl. - Sanitization: None; the script only performs a existence check via
Path.exists()before processing. - Risk: Using a full office suite like LibreOffice to process potentially attacker-controlled binary files is a high-risk activity due to the complexity of document parsers and the history of RCE vulnerabilities in such software.
- Command Execution (MEDIUM): The script uses
subprocess.runto execute system binaries includingsoffice,timeout, andgtimeout. While it uses list-based arguments to mitigate shell injection, it executes system-level software with access to the filesystem.
Recommendations
- AI detected serious security threats
Audit Metadata