xlsx

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The script scripts/office/soffice.py compiles an embedded C source file at runtime using gcc. The resulting shared library is then injected into the soffice (LibreOffice) process through the LD_PRELOAD environment variable. This technique is used to shim Unix socket behavior in environments where Unix sockets are restricted, but it represents a high-risk execution pattern.
  • [Persistence Mechanisms] (MEDIUM): scripts/recalc.py automatically generates and writes a StarBasic macro (Module1.xba) to the user's LibreOffice configuration directory (e.g., ~/.config/libreoffice/). This modification persists across application sessions to enable the formula recalculation feature.
  • [Command Execution] (LOW): The skill invokes several system binaries including gcc, soffice, and git via subprocess.run to perform its primary tasks.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted Office documents, creating a surface for indirect attacks if document content is interpreted as instructions by the agent.
      • Ingestion points: scripts/office/unpack.py (extracts ZIP archives) and scripts/recalc.py (loads Excel workbooks).
      • Boundary markers: None detected in the script logic to delimit external data from instructions.
      • Capability inventory: Subprocess execution of soffice, gcc, and git, as well as extensive file system write permissions.
      • Sanitization: The skill largely uses defusedxml to mitigate XML External Entity (XXE) risks. However, scripts/office/validators/pptx.py utilizes lxml.etree.parse without explicit safety flags, and scripts/office/unpack.py uses zipfile.extractall(), which is vulnerable to ZipSlip path traversal if processing maliciously crafted archives.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:27 PM