skills/vibery-studio/templates/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script recalc.py programmatically interacts with the system to perform formula recalculation.
      • The script uses subprocess.run to execute the soffice (LibreOffice) binary in headless mode.
      • It utilizes the vnd.sun.star.script protocol to trigger the execution of a locally stored macro.
      • It dynamically writes a StarBasic macro (Module1.xba) to the user's LibreOffice application support directory (~/Library/Application Support/LibreOffice/... on macOS or ~/.config/libreoffice/... on Linux).
  • [PROMPT_INJECTION]: The skill exhibits a significant surface area for indirect prompt injection.
      • Ingestion points: The skill reads external data from .xlsx, .xlsm, .csv, and .tsv files using pandas.read_excel and openpyxl.load_workbook as described in SKILL.md.
      • Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from interpreting instructions embedded within the spreadsheet data.
      • Capability inventory: The skill possesses powerful capabilities including file writing (wb.save, macro_file.write) and system command execution (subprocess.run in recalc.py).
      • Sanitization: There is no evidence of data validation or sanitization for content read from external spreadsheets before it is processed by the agent or used in calculations.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 3, 2026, 12:27 PM