skills/devskale/skale-skills/docx/Gen Agent Trust Hub

docx

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains instructions to install necessary system dependencies using sudo apt-get install, which requests elevated privileges from the user or agent environment.
  • [COMMAND_EXECUTION]: The skill uses the Python subprocess module in ooxml/scripts/pack.py and ooxml/scripts/validation/redlining.py to execute external system tools like soffice and git.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it extracts and processes the contents of user-supplied .docx files.
    • Ingestion points: XML content is extracted from document archives in ooxml/scripts/unpack.py and presented to the agent for editing and analysis.
    • Boundary markers: No explicit delimiters or instructions tell the agent to ignore or neutralize natural language commands embedded in the document text.
    • Capability inventory: The skill has significant capabilities, including writing to the local file system, executing system utilities via subprocesses, and providing instructions for further software installation.
    • Sanitization: The skill uses the defusedxml library to successfully mitigate XML-specific threats like XXE, but it does not sanitize the extracted natural language content for instructions designed to hijack the agent's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 02:43 AM