skills/zpankz/mcp-skillset/xlsx/Gen Agent Trust Hub

xlsx

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The script executes system commands via subprocess.run, specifically calling LibreOffice ('soffice') with a user-provided filename. This creates an attack surface where a maliciously crafted Excel file could exploit vulnerabilities in the office suite's file parsers. Evidence: subprocess.run calls in recalc.py.
  • [REMOTE_CODE_EXECUTION] (HIGH): The script performs dynamic code injection by writing a custom StarBasic macro to the user's local LibreOffice application configuration directory ('Module1.xba') and then executing it. This constitutes the creation and execution of persistent, unauthorized code on the host system. Evidence: setup_libreoffice_macro function in recalc.py.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from external Excel files (Ingestion point: recalc.py) and processes that data using high-privilege capabilities (Capability inventory: subprocess execution, file-write, macro execution). There are no boundary markers or sanitization steps to prevent malicious file content from influencing the agent or exploiting the toolchain.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:28 AM