skills/jarmen423/skills/docx/Gen Agent Trust Hub

docx

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The script 'ooxml/scripts/unpack.py' uses 'zipfile.ZipFile.extractall()' on Office documents without performing member path validation. Since Office files are ZIP archives, this creates a ZipSlip vulnerability where a malicious document containing path traversal components ('..') could overwrite sensitive files outside the intended output directory, potentially leading to system compromise.
  • [COMMAND_EXECUTION] (MEDIUM): In 'ooxml/scripts/pack.py', the skill invokes the 'soffice' (LibreOffice) binary via 'subprocess.run' to validate document integrity. While it does not use a shell, processing untrusted document data through complex third-party software like LibreOffice increases the attack surface for potential exploits.
  • [PROMPT_INJECTION] (HIGH): As an indirect prompt injection vector (Category 8), the skill ingests untrusted external data (Office documents) and possesses high-privilege capabilities including file system modification and external command execution. It lacks boundary markers to distinguish document content from agent instructions. Mandatory Evidence Chain:
      1. Ingestion points: 'ooxml/scripts/unpack.py' extracts user-provided Office files.
      2. Boundary markers: Absent.
      3. Capability inventory: 'subprocess.run' in 'pack.py' and 'extractall' in 'unpack.py'.
      4. Sanitization: While 'defusedxml' is used to mitigate XXE, there is no validation of zip entry paths or sanitization of document text content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:12 AM