xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
recalc.pylocated atgateway/tools/xlsx/to perform formula recalculation using LibreOffice macros. This execution is performed within a described sandbox environment and is consistent with the skill's primary purpose of managing complex spreadsheets. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to ingest and process untrusted spreadsheet data which could contain malicious instructions.
- Ingestion points: External spreadsheet files including
.xlsx,.xlsm,.csv, and.tsvas specified inSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded content within the processed data are defined.
- Capability inventory: The skill utilizes
openpyxlfor file writing,pandasfor data analysis, and executes a subprocess command viarecalc.py(Phase 2-A, 2-C). - Sanitization: No specific sanitization or validation logic for the content of the ingested files is documented in the workflow.
Audit Metadata