skills/teamily-ai/skill-creator/docx/Gen Agent Trust Hub

docx

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute system commands including soffice, pandoc, and git. Most notably, scripts/office/soffice.py compiles an embedded C source shim at runtime using gcc and then utilizes the LD_PRELOAD environment variable to inject the resulting library into the soffice process. This is used to manage AF_UNIX socket behavior in restricted environments.
  • [EXTERNAL_DOWNLOADS]: SKILL.md specifies the installation of the docx package from the public npm registry.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes untrusted document content.
      • Ingestion points: Document XML content is read and parsed from .docx archives in scripts/office/unpack.py.
      • Boundary markers: Absent; there are no specific instructions or delimiters used to ensure the agent ignores instructions found within the document data.
      • Capability inventory: The skill possesses high-privilege capabilities including arbitrary command execution (subprocess.run), runtime compilation (gcc), and extensive file system access.
      • Sanitization: The skill utilizes defusedxml to protect against standard XML vulnerabilities like XXE, though some metadata extraction scripts use the non-hardened xml.etree.ElementTree library.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 01:33 AM