xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- Command Execution (MEDIUM): The script "recalc.py" uses "subprocess" to execute "soffice" and "Xvfb". It passes user-provided file paths directly to the command line, which could lead to argument injection if the filename is maliciously crafted.
- Dynamic Execution (MEDIUM): The skill dynamically generates a LibreOffice Basic macro string and writes it to "Module1.xba" on the local file system. It then executes this macro via the "soffice" command, creating a path for arbitrary macro execution.
- Persistence Mechanisms (MEDIUM): The script modifies application configuration directories (~/.config/libreoffice or ~/Library/Application Support/LibreOffice) to store its macro, persisting these changes on the host system.
- Indirect Prompt Injection (LOW): The skill has an ingestion surface for untrusted data via Excel files (recalc.py). Mandatory Evidence Chain:
  1. Ingestion points: recalc.py (openpyxl.load_workbook).
  2. Boundary markers: Absent.
  3. Capability inventory: subprocess (soffice), Path.write_text.
  4. Sanitization: Absent.
Audit Metadata