docx

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/office/soffice.py implements a sophisticated runtime compilation and process injection mechanism. It writes C source code to a temporary file, compiles it into a shared library using gcc, and then uses the LD_PRELOAD environment variable to shim the soffice (LibreOffice) process. This is intended to provide a fallback for AF_UNIX sockets in restricted execution environments.
  • [COMMAND_EXECUTION]: Multiple components of the skill utilize the subprocess module to execute external system commands. This includes running soffice for document conversion, gcc for library compilation, pandoc for text extraction, pdftoppm for image generation, and git for document diffing.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing external Word documents. Ingestion occurs in scripts/office/unpack.py, which extracts document content into XML files for editing. While the skill correctly uses the defusedxml library to prevent XML External Entity (XXE) attacks, it lacks explicit boundary markers or instructions to the AI agent to ignore instructions embedded within the untrusted document data. Capabilities available to the agent when processing this data include file system access and system command execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 9, 2026, 10:12 PM