Word Document Handler

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains instructions for the agent to execute sudo apt-get install to install system dependencies such as pandoc, libreoffice, and poppler-utils. These commands require elevated system privileges.
  • [COMMAND_EXECUTION]: The script ooxml/scripts/pack.py uses subprocess.run to invoke the soffice (LibreOffice) binary for document validation purposes.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file facilitates the installation of the docx library from the well-known npm registry via npm install -g docx.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from Microsoft Word documents.
      • Ingestion points: Text is extracted from word/document.xml using ooxml/scripts/validation/redlining.py and converted to markdown via pandoc as described in the skill workflow.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when presenting extracted text to the agent.
      • Capability inventory: The skill possesses the ability to execute terminal commands and perform file system operations.
      • Sanitization: No sanitization or filtering of the extracted document content is performed before it is added to the agent context.
  • [PROMPT_INJECTION]: The instructions in SKILL.md and docx-js.md include strong directives such as "MANDATORY - READ ENTIRE FILE" and "NEVER set any range limits," which are designed to override the agent's default processing constraints.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 12:30 PM