skills/kortix-ai/kortix-registry/docx/Gen Agent Trust Hub

docx

Fail

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/office/soffice.py implements a runtime compilation and injection workflow. It writes C source code for a socket shim to a temporary file, compiles it into a shared library using gcc, and then executes the soffice (LibreOffice) binary with LD_PRELOAD set to the generated library. This allows the skill to intercept and redirect low-level system calls within the office process.
  • [COMMAND_EXECUTION]: The script scripts/accept_changes.py dynamically generates a LibreOffice Basic macro and writes it to the application's macro directory (/tmp/libreoffice_docx_profile/user/basic/Standard/Module1.xba) to automate the acceptance of tracked changes.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess.run API to execute external system tools, including soffice, pandoc, pdftoppm, and gcc.
  • [PROMPT_INJECTION]: The skill is designed to process and analyze untrusted Word documents, which exposes the agent to indirect prompt injection vulnerabilities.
      • Ingestion points: Text extraction from .docx files via pandoc and python-docx for analysis, as specified in SKILL.md.
      • Boundary markers: Absent. The skill does not implement delimiters or instructions to prevent the agent from following commands embedded within the analyzed document content.
      • Capability inventory: The skill possesses capabilities for file system modification, arbitrary command execution (via gcc/soffice/pandoc), and process injection.
      • Sanitization: None. Extracted text is passed directly into the agent's context without filtering for malicious prompt sequences.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file recommends that the user install external dependencies at runtime, specifically the docx Node.js package globally via npm and several Python libraries (python-docx, pdf2image).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 3, 2026, 08:35 AM