The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): The skill performs runtime compilation of C code and uses LD_PRELOAD for process injection. Specifically, scripts/office/soffice.py writes a C source file to a temporary directory, compiles it using gcc, and then injects the resulting shared object into the LibreOffice process to intercept system calls. This behavior is highly irregular and bypasses standard execution boundaries.
[COMMAND_EXECUTION] (MEDIUM): The skill relies on several external system binaries including soffice (LibreOffice), git, and timeout. It also modifies the environment by installing a custom LibreOffice macro to the user's home directory (~/.config/libreoffice/).
[DATA_EXFILTRATION] (MEDIUM): Multiple components (redlining.py, simplify_redlines.py) utilize the standard xml.etree.ElementTree library for parsing untrusted XML data from Office documents. This library does not provide protection against XML External Entity (XXE) attacks, potentially allowing an attacker to craft a document that reads sensitive files from the host system.
[NO_CODE] (LOW): Several referenced files (base.py, docx.py) are missing from the skill package, making part of the validation logic unverifiable.

xlsx