xlsx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Dynamic Execution (LOW): The script generates a StarBasic macro at runtime and writes it to a file before execution via the LibreOffice engine. This is the primary mechanism used to achieve formula recalculation.
- Persistence Mechanisms (LOW): The script modifies application configuration files in the user's home directory (~/.config/libreoffice or ~/Library/Application Support/LibreOffice) to store the automation macro.
- Indirect Prompt Injection (LOW): The skill processes external Excel files which could contain malicious content. Evidence Chain: 1. Ingestion points: File input via sys.argv in recalc.py. 2. Boundary markers: None present. 3. Capability inventory: Command execution via subprocess and filesystem write operations. 4. Sanitization: No content validation or sanitization is performed on the spreadsheet data before processing.
Audit Metadata