xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The script writes a macro file to the user's LibreOffice configuration directory (~/.config/libreoffice/ or ~/Library/Application Support/LibreOffice/). This modification persists across sessions.
- Dynamic Execution (MEDIUM): The script generates a XML-based macro file at runtime and triggers its execution via LibreOffice. Although the template is hardcoded, runtime code generation is a sensitive pattern.
- Unverifiable Dependencies & Remote Code Execution (LOW): The script invokes external binaries (soffice, timeout) using subprocess.run with argument lists, which prevents shell injection.
Audit Metadata