docx

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Runtime compilation and injection of a C library.
      • Evidence: scripts/office/soffice.py writes C source code to a temporary file and executes gcc to compile it into a shared object. This object is then loaded using LD_PRELOAD during execution.
      • Impact: This is a risky dynamic execution pattern that shims system behavior and modifies process execution.
  • [COMMAND_EXECUTION]: Use of shell commands for document processing and validation.
      • Evidence: subprocess.run calls are present in scripts/accept_changes.py, scripts/office/soffice.py, and scripts/office/validators/redlining.py to execute binaries like soffice, gcc, and git.
  • [COMMAND_EXECUTION]: Potential path traversal vulnerability in document extraction.
      • Evidence: scripts/office/unpack.py uses zipfile.extractall() to unpack Word document contents without validating the paths within the archive.
      • Impact: This method is susceptible to Zip Slip attacks, where a malicious archive could overwrite system files if path traversal sequences are used in filenames.
  • [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection.
      • Ingestion points: scripts/office/unpack.py extracts document XML for manipulation.
      • Boundary markers: Absent. XML content is processed without delimiters or instructions to ignore embedded commands.
      • Capability inventory: Extensive subprocess and file access capabilities are available within the skill's scripts.
      • Sanitization: Absent. The skill does not sanitize or validate document content before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 04:10 PM