skills/nguyendinhquocx/code-ai/pptx/Gen Agent Trust Hub

pptx

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The ooxml/scripts/pack.py script executes the soffice (LibreOffice) binary via subprocess.run to perform document validation. While the call uses an argument list to prevent shell injection, processing untrusted Office files through a large, complex binary like LibreOffice exposes the underlying system to risks associated with vulnerabilities in the document engine. Additionally, the count_paragraphs_in_original method in ooxml/scripts/validation/docx.py uses zipfile.extractall() without validating internal file paths, making it susceptible to ZipSlip (path traversal) attacks where a malicious document could attempt to overwrite sensitive files outside the intended temporary directory.
  • DATA_EXFILTRATION (MEDIUM): The DOCXSchemaValidator in ooxml/scripts/validation/docx.py uses lxml.etree.parse to process document content without explicitly disabling external entity resolution. This creates a vulnerability to XML External Entity (XXE) attacks, which could allow a maliciously crafted document to read local files or trigger internal network requests.
  • PROMPT_INJECTION (LOW): The skill handles external OOXML documents provided by users, which serves as a vector for indirect prompt injection. Attackers could embed instructions or malicious metadata within the XML structures of a document in an attempt to manipulate the agent's behavior during the unpacking or validation process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 05:28 AM