skills/7spade/black-tortoise/pptx/Gen Agent Trust Hub

pptx

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The ooxml/scripts/pack.py script executes the external soffice (LibreOffice) binary via subprocess.run to validate document integrity. While arguments are largely constrained, it processes user-influenced file paths and relies on the local environment's office suite configuration.
  • [PROMPT_INJECTION] (LOW): The skill possesses an attack surface for indirect prompt injection as it processes and interprets untrusted Office documents provided by users.
      • Ingestion points: Document contents are read and extracted in ooxml/scripts/unpack.py, ooxml/scripts/pack.py, and scripts/rearrange.py using zipfile and XML parsing.
      • Boundary markers: The scripts do not implement explicit boundary markers or instructions to the agent to disregard instructions potentially embedded within the document XML.
      • Capability inventory: The skill has the capability to perform extensive file system operations (read/write/extract) and trigger external application execution via subprocess.
      • Sanitization: The skill effectively uses defusedxml for most XML parsing tasks to prevent XXE. However, lxml.etree is utilized in ooxml/scripts/validation/docx.py without explicit security-hardened parser settings.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:34 PM