docx-manipulation

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the python-docx library via pip install python-docx. This is a well-known and widely used library for Microsoft Word document manipulation.
  • [COMMAND_EXECUTION]: The skill's core functionality relies on generating and executing Python scripts to perform document operations. While this is the intended behavior of the skill, it represents a standard capability that must be monitored.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. Specifically, the 'Mail Merge Pattern' and template filling capabilities ingest external data into document paragraphs without sanitization. If a document being processed or the data being injected contains malicious instructions, the agent might inadvertently follow them during subsequent processing steps.
      • Ingestion points: Document('existing.docx') and fill_template(template_path, replacements) ingest data from external files and dictionary objects.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided code examples.
      • Capability inventory: The skill utilizes doc.save() for file writing and requires an environment capable of executing Python code.
      • Sanitization: Simple string replacement (para.text.replace) is used for template filling, which does not sanitize against potential instruction injection within the replacement strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 05:17 AM