skills/ninehills/skills/spreadsheet/Gen Agent Trust Hub

spreadsheet

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [Privilege Escalation] (HIGH): The SKILL.md file explicitly instructs the agent to use sudo apt-get install -y libreoffice poppler-utils. Executing commands with root privileges poses a significant security risk if the agent's environment is not strictly isolated.
  • [Indirect Prompt Injection] (HIGH): This skill is designed to ingest and process untrusted external data from spreadsheets (.xlsx, .csv, .tsv). It lacks boundary markers or sanitization logic. A malicious spreadsheet could contain hidden instructions that the agent might interpret as system commands or policy overrides.
      • Ingestion points: load_workbook in read_existing_spreadsheet.py and pandas workflows described in SKILL.md.
      • Boundary markers: Absent. The instructions do not specify delimiters for data extracted from cells.
      • Capability inventory: File writing (wb.save), directory creation (mkdir), and shell command execution (soffice, pdftoppm).
      • Sanitization: None detected in the provided Python examples or markdown instructions.
  • [Command Execution] (MEDIUM): The skill workflow involves calling external system binaries (soffice and pdftoppm) via the shell. If filenames or sheet names are derived from untrusted input, this could lead to command injection vulnerabilities.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:21 AM