docx

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Dynamic Execution (HIGH): The script scripts/office/soffice.py implements a compatibility shim for LibreOffice by writing C source code to /tmp, compiling it with gcc, and then injecting the resulting shared library into the soffice process using the LD_PRELOAD environment variable. This is a high-risk technique for modifying process behavior at runtime. Per the primary purpose rule, this finding is evaluated as MEDIUM as it is a necessary workaround for sandboxed environments.
  • Dynamic Execution (MEDIUM): The script scripts/accept_changes.py dynamically generates a LibreOffice Basic macro and saves it to a temporary profile to automate document 'Accept All Changes' functionality. This involves runtime script generation and execution.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted Office document data (XML). It uses defusedxml for parsing, which mitigates XML External Entity (XXE) attacks. However, because it interpolates processed document text into subprocess commands (such as git diff in scripts/office/validators/redlining.py), a surface for indirect prompt injection exists. In accordance with guidelines, this category is rated LOW.
  • Command Execution (LOW): The skill frequently executes external system tools including soffice, git, and gcc. These operations are transparently implemented and essential for document unpacking, validation, and conversion.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 07:12 AM