The Agent Skills Directory

Dynamic Execution (HIGH): The module scripts/office/soffice.py dynamically generates C source code, compiles it into a shared library using gcc, and loads it into the soffice process using the LD_PRELOAD environment variable to intercept system calls. This behavior is associated with the skill's primary purpose of ensuring LibreOffice functionality in restricted environments.\n
Evidence: subprocess.run(["gcc", "-shared", "-fPIC", "-o", str(_SHIM_SO), str(src), "-ldl"], ...) and env["LD_PRELOAD"] = str(shim) in scripts/office/soffice.py.\n- Persistence (MEDIUM): The script scripts/recalc.py installs a StarBasic macro into the user's global LibreOffice configuration directory. This change persists across sessions and modifies the application's default behavior.\n
Evidence: Writing RECALCULATE_MACRO to path strings defined by MACRO_DIR_MACOS and MACRO_DIR_LINUX in scripts/recalc.py.\n- Indirect Prompt Injection (LOW): The skill processes untrusted Office documents and has significant system capabilities, creating an attack surface for data-driven exploits. While some sanitization is present, the skill remains vulnerable to malicious data targeting its underlying tools.\n
Ingestion points: Processes .docx, .pptx, and .xlsx files via unpack.py, validate.py, and recalc.py.\n
Boundary markers: Absent.\n
Capability inventory: Subprocess execution of gcc, git, and soffice; arbitrary file writing for shims and macros.\n
Sanitization: Consistent use of defusedxml for XML parsing in multiple helper modules, although lxml.etree and xml.etree.ElementTree are used directly in pptx.py and redlining.py.\n- Command Execution (LOW): The skill makes extensive use of the subprocess module to call system utilities such as git, gcc, and soffice.\n
Evidence: subprocess.run calls in scripts/office/soffice.py, scripts/office/validators/redlining.py, and scripts/recalc.py.

xlsx