xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Command Execution] (LOW): The script executes system commands (
soffice,timeout,gtimeout) viasubprocess.runto perform its primary function. While it uses list arguments to mitigate shell injection, the reliance on external binaries is a functional necessity. - [Dynamic Execution] (MEDIUM -> LOW): The script dynamically generates a LibreOffice Basic macro (
Module1.xba) and writes it to the user's application configuration directory to enable formula recalculation. This behavior is considered LOW severity because it is performed by a trusted author (Anthropic) for a specific, transparent purpose. - [Indirect Prompt Injection] (LOW): The skill possesses a data ingestion surface that processes untrusted Excel files.
- Ingestion points:
recalc.pyreads file content usingopenpyxl.load_workbook. - Boundary markers: Absent; the script reads cell values directly without delimiters.
- Capability inventory: File system access, script generation (macro creation), and execution of local binaries via
subprocess.run. - Sanitization: The script scans cell contents for static Excel error strings (e.g.,
#VALUE!) but does not sanitize or validate general cell content, which could lead to injection if results are later processed by an LLM. - [Persistence Mechanisms] (LOW): The skill installs a persistent macro into the local LibreOffice profile. This modification remains on the system across sessions, which is required for the tool's operation.
Audit Metadata