docx-processing-openai

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: Deceptive metadata identified in SKILL.md. The author field is set to "OpenAI", which conflicts with the identified author "lawvable". This is a form of impersonation that may mislead users or agents into assuming the skill is an official product of a trusted organization.
  • [COMMAND_EXECUTION]: The script scripts/render_docx.py executes system commands (soffice and pdftoppm) via subprocess.run. While it constructs command arguments as lists to mitigate shell injection, it relies on the execution of external binaries with parameters derived from input file paths.
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected in scripts/render_docx.py. The calc_dpi_via_ooxml_docx function parses the word/document.xml file from untrusted DOCX archives using xml.etree.ElementTree, which is vulnerable to XML External Entity (XXE) attacks.
    • Ingestion points: Reads and parses word/document.xml from user-supplied DOCX files.
    • Boundary markers: None; the XML content is parsed directly without delimiters or instruction-ignoring warnings.
    • Capability inventory: File system access, subprocess execution of soffice, and image generation.
    • Sanitization: No XML sanitization or use of safe alternatives like defusedxml is present.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 10:17 AM