docx
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The pack.py script invokes 'soffice' (LibreOffice) via subprocess.run for document validation. This is implemented securely using a list of arguments without a shell, preventing command injection.
- DATA_EXFILTRATION (SAFE): No patterns indicating sensitive data access or unauthorized network transmission were detected.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill processes untrusted Office documents, which is a potential injection surface.
  1. Ingestion points: ooxml/scripts/unpack.py and ooxml/scripts/validation/docx.py.
  2. Boundary markers: None.
  3. Capability inventory: Filesystem access, zipfile extraction, and subprocess execution.
  4. Sanitization: The skill uses defusedxml to parse XML content during the unpacking phase, which effectively strips malicious entities and prevents XXE attacks before further processing occurs.
- PROMPT_INJECTION (SAFE): No instructions designed to override agent behavior or safety filters were found in the provided files.
- EXTERNAL_DOWNLOADS (SAFE): The skill does not download external scripts or install packages at runtime. Required dependencies like lxml and defusedxml are expected to be available in the environment.
Audit Metadata