office-suite

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted document content (Word, Excel, PowerPoint, PDF) which creates a surface for indirect prompt injection. If a document contains malicious instructions, the agent could potentially be influenced to perform unintended actions.
      • Ingestion points: Document content is extracted using tools like markitdown, pdftotext, and pypdf across various scripts.
      • Boundary markers: Extracted content is typically converted to Markdown or plain text before being presented to the agent, providing some structural separation.
      • Capability inventory: The skill has the ability to read and write files and execute system commands for document conversion.
      • Sanitization: The implementation consistently uses the defusedxml library for parsing XML files, which effectively mitigates XML External Entity (XXE) and billion laughs attacks.
  • [COMMAND_EXECUTION]: The skill executes local system utilities to perform its primary tasks. Scripts such as recalc.py, accept_changes.py, and thumbnail.py invoke soffice (LibreOffice), pdftoppm, and magick via subprocess.run. These executions are limited to processing local files provided by the user.
  • [EXTERNAL_DOWNLOADS]: The skill depends on standard, well-known libraries from official package registries. Python dependencies include pypdf, openpyxl, and pdfplumber. Node.js dependencies include docx, pptxgenjs, and pdf-lib.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 05:10 PM