Skills
skills/vuralserhat86/antigravity-agentic-skills/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script executes the soffice (LibreOffice) binary and system timeout/gtimeout utilities via subprocess.run. Although it passes arguments as a list to mitigate shell injection, the skill relies on executing external system binaries with significant capabilities.
  • [PERSISTENCE] (MEDIUM): The setup_libreoffice_macro function creates or modifies files in the user's application configuration directory (~/.config/libreoffice/ or ~/Library/Application Support/LibreOffice/). It writes a StarBasic macro (Module1.xba) that persists in the environment after the skill finishes.
  • [DYNAMIC_EXECUTION] (MEDIUM): The script generates a StarBasic macro string at runtime, writes it to the filesystem, and then triggers its execution via a vnd.sun.star.script URL. This pattern of code generation and execution is a known attack surface, though it is used here for the skill's primary function of Excel recalculation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:26 PM