xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (LOW): The script executes system commands like 'soffice' and 'timeout' using subprocess.run with list-based arguments. This prevents shell injection vulnerabilities while allowing necessary interaction with the system's office suite.
- PERSISTENCE / DYNAMIC EXECUTION (LOW): The setup_libreoffice_macro function creates a StarBasic macro file (Module1.xba) in the user's local configuration directory (~/.config/libreoffice or Library/Application Support). While modifying configuration files and generating scripts at runtime are typically high-risk behaviors, here they are hardcoded and essential for automating the spreadsheet recalculation task.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it reads and processes untrusted Excel data, reporting cell contents directly back to the agent without sanitization.
  - Ingestion points: recalc.py uses openpyxl.load_workbook to read data from user-provided Excel files.
  - Boundary markers (absent): No delimiters or specific instructions are used to separate Excel data from the tool's output report.
  - Capability inventory: The skill can execute local binaries (soffice) and modify configuration files.
  - Sanitization (absent): Error strings and cell values are reported as-is to the agent.