office

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH

Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The 'office-docs' agent (defined in agents/office-docs.md) is designed to use the agent's Bash tool to perform shell operations, including package installation and the execution of dynamically created TypeScript files using npx tsx.
  • [REMOTE_CODE_EXECUTION]: The skill implements a workflow where an AI agent takes user input to modify a document template and then executes that template as code (npx tsx /tmp/generate-doc.ts). This dynamic execution of generated code that incorporates untrusted user input lacks explicit sanitization or validation mechanisms, creating a vulnerability for code injection and arbitrary execution within the user's environment.
  • [EXTERNAL_DOWNLOADS]: The skill relies on several external packages downloaded from the npm registry, as documented in README.md, SKILL.md, and the verify-deps.sh script. These include docx, xlsx, pdf-lib, and pptxgenjs. While these are well-known libraries, the automated installation process involves fetching external code at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 03:50 AM