xlsx
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
recalc.pyscript utilizessubprocess.runto execute external binaries on the host system. - It invokes
soffice(LibreOffice) to perform spreadsheet formula recalculation, which is the primary intended function of the script. - It utilizes
timeoutorgtimeoutto manage execution limits for these subprocesses. - The script dynamically generates and writes a StarBasic macro file (
Module1.xba) to the local filesystem (LibreOffice configuration directory) to facilitate the recalculation process. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process data from untrusted spreadsheet files such as .xlsx, .csv, and .tsv.
- Ingestion points: External data is loaded into the agent context via
pandas.read_excel()andopenpyxl.load_workbook()as instructed inSKILL.mdand implemented inrecalc.py. - Boundary markers: There are no specified delimiters or explicit instructions to the agent to ignore or isolate instructions found within the spreadsheet cells.
- Capability inventory: The agent has the capability to execute local commands through the provided
recalc.pyhelper script. - Sanitization: No sanitization or content validation is performed on the data read from the spreadsheets before it is analyzed or used by the agent.
Audit Metadata