xlsx
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The recalc.py script executes system-level binaries to facilitate spreadsheet processing. \n
- Evidence: The script uses subprocess.run to call the soffice (LibreOffice) binary, as well as timeout or gtimeout utility commands. \n- [REMOTE_CODE_EXECUTION]: The skill implements dynamic code generation and execution by creating and running persistent application macros. \n
- Evidence: recalc.py writes a StarBasic macro (Module1.xba) to the user's LibreOffice configuration directory (~/.config/libreoffice/4/user/basic/Standard/ or ~/Library/Application Support/LibreOffice/4/user/basic/Standard/) and executes it using the soffice command-line interface. \n- [PROMPT_INJECTION]: The skill is designed to process external spreadsheet data, which introduces an attack surface for indirect prompt injection (Category 8). \n
- Ingestion points: Files processed via pandas.read_excel and openpyxl.load_workbook in the suggested Python snippets and recalc.py script. \n
- Boundary markers: None. The skill does not define specific delimiters or instructions to ignore embedded content within the processed files. \n
- Capability inventory: The skill has the ability to write files to the local system and execute commands via the recalc.py utility. \n
- Sanitization: No content sanitization or validation logic is present to filter malicious instructions within the Excel data prior to ingestion by the agent.
Audit Metadata