docxmakebetter

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The ooxml/scripts/pack.py script invokes the soffice (LibreOffice) command-line utility via subprocess.run to validate document integrity. This is a functional requirement for verifying that the generated Office files are not corrupt and is executed without shell injection risk.
  • [PROMPT_INJECTION] (LOW): This finding relates to Category 8 (Indirect Prompt Injection) as the skill is designed to process external document data.
      • Ingestion points: ooxml/scripts/unpack.py extracts XML contents from user-provided Office documents (.docx, .pptx, .xlsx).
      • Boundary markers: The skill does not implement LLM-level boundary markers as it primarily consists of script-based processing logic.
      • Capability inventory: File system read/write access and local command execution via soffice.
      • Sanitization: The skill uses the defusedxml library across its scripts to mitigate XML External Entity (XXE) and other XML-based injection attacks, providing robust sanitization for the data input.
  • [DATA_EXFILTRATION] (SAFE): All file operations are localized to the input directory and temporary system directories. No network operations or patterns associated with credential theft were detected.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:45 PM