docx

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The module scripts/office/soffice.py contains a hardcoded C source string (_SHIM_SOURCE) that is written to a temporary file, compiled at runtime into a shared object using gcc, and then injected into the soffice (LibreOffice) subprocess via the LD_PRELOAD environment variable. This constitutes dynamic code generation and process injection.
  • [COMMAND_EXECUTION]: The skill frequently executes system commands via subprocesses, specifically invoking gcc for shim compilation, soffice for document processing and conversions, pandoc for markdown text extraction, and pdftoppm for image generation.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file directs the AI agent to install the docx package from the global npm registry (npm install -g docx).
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it handles untrusted Word document content.
      1. Ingestion points: Untrusted document data enters the agent context through parsing via pandoc or unpack.py.
      2. Boundary markers: The extracted text is not isolated with delimiters or specific ignore-instructions.
      3. Capability inventory: The skill has extensive system permissions, including subprocess execution and file system write capabilities.
      4. Sanitization: The skill implements defusedxml for XML parsing, which effectively mitigates XML External Entity (XXE) and billion laughs attacks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 11:41 AM