xlsx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted Excel files provided as input and uses LibreOffice (a complex office suite) to recalculate them. This creates a high-risk attack surface where a malicious file could exploit vulnerabilities in the parser or the agent's execution environment.
  - Ingestion points: `recalc.py` accepts a `filename` argument from the command line.
  - Boundary markers: None. The script does not use delimiters or instructions to ignore embedded content within the Excel file.
  - Capability inventory: Uses `subprocess.run` to execute system commands and the LibreOffice macro provides `ThisComponent.store()` which grants file-write capabilities.
  - Sanitization: No sanitization or validation of the Excel file content is performed before processing.
- Persistence Mechanisms (HIGH): The `setup_libreoffice_macro` function in `recalc.py` writes a StarBasic macro (`Module1.xba`) to the user's permanent LibreOffice configuration directory (e.g., `~/.config/libreoffice/4/user/basic/Standard`). This macro remains on the system across sessions.
- Dynamic Execution (MEDIUM): The script generates StarBasic code at runtime, writes it to a file, and then invokes it using the `soffice` binary. Although the generated code is a hardcoded string, this pattern of dynamic script generation and execution is a medium-risk behavior.
- Command Execution (LOW): The script uses `subprocess.run` to call `soffice`, `timeout`, and `gtimeout`. It uses argument lists which prevents basic shell injection, but it remains a low-level system interaction.
Recommendations
- AI detected serious security threats