xlsx
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Runtime compilation and LD_PRELOAD usage. The script 'scripts/office/soffice.py' dynamically generates a C source file in the temporary directory, compiles it into a shared object using 'gcc', and then injects this library into the LibreOffice process via the 'LD_PRELOAD' environment variable. This is done to shim Unix socket behavior in restricted environments.
- [COMMAND_EXECUTION]: Persistence via application configuration modification. The script 'scripts/recalc.py' automatically installs a custom Basic macro ('Module1.xba') into the user's LibreOffice configuration directory. This modification ensures the recalculation logic is available to the office suite across sessions.
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill processes external, untrusted data from spreadsheet files and XML structures, which provides a pathway for indirect prompt injection attacks.
  - Ingestion points: Untrusted data enters the agent context through 'pd.read_excel' and 'openpyxl.load_workbook' (referenced in 'SKILL.md') and 'lxml.etree.parse' (used in multiple validation scripts).
  - Boundary markers: The skill does not explicitly use delimiters or 'ignore embedded instructions' warnings when interpolating file data into prompts.
  - Capability inventory: The skill has significant capabilities, including arbitrary subprocess execution via 'soffice', 'gcc', and 'git' ('scripts/recalc.py', 'scripts/office/soffice.py', 'scripts/office/validators/redlining.py'), and file system write access ('SKILL.md', 'scripts/office/pack.py').
  - Sanitization: XML parsing is hardened using 'defusedxml.minidom' to prevent XXE, but spreadsheet cell content is not explicitly sanitized before being processed by the LLM or used in calculations.