The Agent Skills Directory

COMMAND_EXECUTION (LOW): The script scripts/convert.sh passes all additional command-line arguments directly to the pandoc binary using the "$@" shell variable. While the script correctly uses double-quoting to prevent shell-level command injection via filenames, Pandoc itself supports powerful flags such as --filter or --lua-filter which allow for the execution of arbitrary external scripts or Lua code. If an agent populates these arguments from untrusted user input, it could be coerced into executing malicious code.
Evidence: scripts/convert.sh line 58: pandoc "$INPUT_PATH" -o "$OUTPUT_PATH" "$@".
PROMPT_INJECTION (LOW): As a document conversion tool, this skill is designed to ingest and process untrusted data from external sources (Markdown, DOCX, HTML), making it susceptible to indirect prompt injection where malicious instructions embedded in a document could influence the behavior of the agent reading the output.
Ingestion points: Files located in the import/ directory or provided via the INPUT_FILE argument in scripts/convert.sh.
Boundary markers: None. The skill does not implement delimiters or system-level instructions to ignore embedded commands within the files being converted.
Capability inventory: The skill can execute pandoc and perform file system writes to the export/ directory via scripts/convert.sh.
Sanitization: No sanitization or validation of the input file content is performed prior to processing.

pandoc-docx