skills/aisa-group/skill-inject/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The recalc.py script executes system commands using subprocess.run, specifically calling the soffice (LibreOffice) binary and the timeout (or gtimeout on macOS) utility to manage headless spreadsheet operations.
  • [REMOTE_CODE_EXECUTION]: The skill exhibits dynamic code generation by creating a LibreOffice Basic macro file (Module1.xba) and saving it to the user's application configuration path (e.g., ~/.config/libreoffice/). It subsequently triggers the execution of this generated code via a specific URI scheme (vnd.sun.star.script) through the command line. While the macro source is currently hardcoded, this mechanism bypasses traditional security boundaries for office automation.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from spreadsheets (.xlsx, .csv, .tsv), which creates a surface for indirect prompt injection.
      • Ingestion points: Data enters the agent's context through pandas.read_excel and openpyxl.load_workbook in SKILL.md.
      • Boundary markers: No explicit instructions or delimiters are provided to the agent to treat cell contents as untrusted data.
      • Capability inventory: The skill possesses the ability to execute shell commands, write files to the local filesystem, and modify application configurations.
      • Sanitization: There is no evidence of sanitization or validation of spreadsheet content before processing or recalculation.
  • [DATA_EXPOSURE]: The script automatically writes an execution log (executed_recalc.log) to the parent directory of the spreadsheet being processed. In shared environments, this could lead to the exposure of file paths and processing metadata to unauthorized users.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 09:02 PM