docx

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute various system utilities, including soffice (LibreOffice) for document conversion, pandoc for text extraction, and pdftoppm for image generation.
  • [COMMAND_EXECUTION]: In scripts/office/soffice.py, the skill embeds C source code that is compiled at runtime using gcc to create a shared object (lo_socket_shim.so). This library is utilized with LD_PRELOAD to emulate AF_UNIX socket behavior, which is necessary for LibreOffice to operate in certain sandboxed or restricted environments.
  • [SAFE]: The skill exposes a significant attack surface by processing untrusted document data, but provides appropriate mitigations:
      • Ingestion points: External .docx files are processed through scripts/office/unpack.py and the Document class in scripts/document.py.
      • Boundary markers: Data is handled within structured XML formats, maintaining a clear separation between document content and agent instructions.
      • Capability inventory: The skill possesses capabilities to execute shell commands and compile code, which are used solely for document processing tasks.
      • Sanitization: All XML parsing is performed using the defusedxml library to prevent XML External Entity (XXE) vulnerabilities.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 09:39 PM