The Agent Skills Directory

COMMAND_EXECUTION (LOW): The ooxml/scripts/pack.py script executes the soffice (LibreOffice) utility via subprocess.run to validate document conversion. While implemented using a list of arguments to prevent shell injection, it represents an interaction with system-level binaries.- INDIRECT_PROMPT_INJECTION (LOW): The skill processes external OOXML data, creating a surface for indirect prompt injection.
Ingestion points: ooxml/scripts/unpack.py (zip extraction) and ooxml/scripts/validation/docx.py (XML parsing).
Boundary markers: None present in the processing scripts.
Capability inventory: File system access (read/write) and subprocess execution (soffice).
Sanitization: Uses defusedxml in pack.py and unpack.py, but docx.py uses lxml.etree.parse without explicit security flags (like resolve_entities=False), which could theoretically lead to XXE issues depending on the lxml environment configuration.

docx