skills/cristoslc/office-skills/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external binaries such as pandoc, soffice (LibreOffice), pdftoppm, and git using subprocess.run. These calls use argument lists rather than shell strings, preventing typical command injection vulnerabilities. These tools are necessary for document conversion, visual analysis, and change validation.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing several standard system and programming dependencies, including pandoc, libreoffice, poppler-utils, the docx Node.js package, and the defusedxml Python package. All referenced packages are established and legitimate tools.
  • [PROMPT_INJECTION]: Instructions in SKILL.md and technical references mandate that the agent must read several long documentation files in their entirety without using range limits. While this overrides default behavior for context management, it is intended to ensure the agent correctly understands the complex technical API for document manipulation.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external files (.docx).
      • Ingestion points: Files are processed by pandoc and unpacked by unpack.py.
      • Boundary markers: None explicitly defined for extracted text.
      • Capability inventory: Scripts can perform file writes and execute system commands via subprocess.run.
      • Sanitization: The skill uses defusedxml for secure XML parsing and html.escape for sanitizing metadata such as author names, reducing the risk of structure-based attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 01:55 PM