xlsx-processing-anthropic

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute external commands. Specifically, scripts/recalc.py runs soffice (LibreOffice) to update formula values, and scripts/office/validators/redlining.py executes git diff to compare document versions.
  • [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py performs runtime code generation and process injection. It writes a C source file to the temporary directory, compiles it into a shared library using gcc, and uses the LD_PRELOAD environment variable to inject the shim into the LibreOffice process. This technique is used to bypass socket restrictions in sandboxed environments but constitutes dynamic code execution.
  • [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it processes untrusted spreadsheet data and possesses powerful system capabilities.
      • Ingestion points: Spreadsheet files are read by scripts/recalc.py and unpacked by scripts/office/unpack.py.
      • Boundary markers: Absent; there are no delimiters to distinguish user data from instructions within the processed spreadsheets.
      • Capability inventory: The skill can execute shell commands and generate binary code at runtime.
      • Sanitization: Uses the defusedxml library for XML parsing to mitigate common XML-based attacks.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 2, 2026, 10:18 AM