Word Document Handler
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill uses directives like 'NEVER set any range limits' to override default agent behaviors, which is a technique that can be used to ensure potential malicious payloads in large files are fully ingested into the context window.
- [COMMAND_EXECUTION] (MEDIUM): The ooxml/scripts/pack.py script executes soffice via subprocess on user-controlled files. Processing untrusted documents through complex conversion engines like LibreOffice is a known attack surface for exploiting vulnerabilities in the host environment.
- [DATA_EXFILTRATION] (MEDIUM): The unpack.py script uses xml.dom.minidom to parse XML from untrusted documents. This library lacks protection against XML External Entity (XXE) attacks, which could be leveraged to expose or exfiltrate sensitive local files.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted .docx files. Ingestion points: ooxml/scripts/unpack.py and ooxml/scripts/validate.py. Boundary markers: Absent. Capability inventory: Subprocess execution (soffice, pdftoppm, pandoc) and file writing. Sanitization: None.
Audit Metadata