The Agent Skills Directory

[COMMAND_EXECUTION]: The script recalc.py uses subprocess.run to execute the soffice (LibreOffice) binary for formula evaluation. This constitutes a system-level command execution capability triggered by the agent.
[COMMAND_EXECUTION]: The recalc.py script dynamically creates and writes a LibreOffice Basic macro file (Module1.xba) to the user's home directory (~/.config/libreoffice or ~/Library/Application Support/LibreOffice). This involves modifying application configuration files outside of the skill's immediate directory.
[PROMPT_INJECTION]: The skill is designed to read and process external spreadsheet files, which serves as a vector for indirect prompt injection if those files contain malicious instructions disguised as data.
Ingestion points: pd.read_excel and load_workbook calls in SKILL.md and recalc.py are used to ingest external data.
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the spreadsheets are provided.
Capability inventory: The skill possesses file write capabilities (wb.save) and system command execution capabilities via recalc.py and soffice.
Sanitization: No sanitization or validation of the ingested spreadsheet data is performed before processing.

xlsx