xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
recalc.pyutility invokes thesofficebinary and system timeout commands usingsubprocess.runto perform headless formula evaluation. These calls use argument arrays to mitigate shell injection risks. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external spreadsheet files.
- Ingestion points: Data enters the agent context via
pd.read_excel()andopenpyxl.load_workbook()calls documented inSKILL.mdand used inrecalc.py. - Boundary markers: No explicit delimiters or instructions to ignore embedded cell commands are provided for data ingestion.
- Capability inventory: The skill can execute system commands via
recalc.pyand perform file-write operations usingpandasandopenpyxl. - Sanitization: No input validation or sanitization is performed on spreadsheet cell content before processing.
- [SAFE]: The
recalc.pyscript manages application configuration by writing a hardcoded StarBasic macro to the LibreOffice user profile directory. This is a legitimate functional requirement for automated recalculation and does not involve untrusted data.
Audit Metadata