The Agent Skills Directory

[SAFE]: The skill uses the defusedxml library for all XML parsing in scripts/utilities.py and ooxml/scripts/pack.py. This is a recommended security practice to protect against XML External Entity (XXE) and entity expansion (Billion Laughs) attacks.
[COMMAND_EXECUTION]: The skill utilizes subprocess.run to call soffice (LibreOffice) in ooxml/scripts/pack.py for document validation and git in ooxml/scripts/validation/redlining.py to perform word-level diffs. These executions are legitimate for the skill's primary purpose, use static or strictly validated arguments, and operate on files within temporary directories.
[SAFE]: Data processing logic in scripts/document.py and scripts/utilities.py employs structural parsing and proper escaping (e.g., html.escape for author names in people.xml) to prevent injection and maintain document integrity.
[EXTERNAL_DOWNLOADS]: Documentation in SKILL.md identifies necessary system dependencies including pandoc, libreoffice, and poppler-utils. These are well-known tools required for document processing tasks and are provided as installation instructions for the user.

docx