NYC

docx

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill performs runtime C compilation and process injection. In scripts/office/soffice.py, it dynamically writes C source code to a temporary file, compiles it using gcc, and then injects the resulting shared object into the LibreOffice process using LD_PRELOAD. This is a highly sophisticated dynamic execution pattern that can be used for system-level bypasses.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection and XML External Entity (XXE) attacks. It ingests untrusted Office document content (XML) in scripts/office/unpack.py, scripts/office/validators/redlining.py, and scripts/office/helpers/simplify_redlines.py. While it uses defusedxml in some places, it uses insecure parsers such as xml.etree.ElementTree and lxml.etree, without entity resolution disabled, in critical validation steps, allowing malicious files to potentially read local data or manipulate agent reasoning.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes dynamic LibreOffice macros. scripts/accept_changes.py generates a LibreOffice Basic macro at runtime and executes it via the vnd.sun.star.script protocol. This provides an additional vector for executing arbitrary logic within the Office environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:35 AM