docx
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill follows secure coding practices for XML processing by using the 'defusedxml' library in several key components, including 'scripts/utilities.py', 'ooxml/scripts/pack.py', and 'ooxml/scripts/unpack.py', effectively mitigating XXE vulnerabilities.
- [COMMAND_EXECUTION]: The skill executes external system tools via 'subprocess.run' for legitimate document processing tasks:
  - 'ooxml/scripts/pack.py' uses 'soffice' (LibreOffice) to validate documents by converting them to HTML.
  - 'ooxml/scripts/validation/redlining.py' uses 'git diff' to perform precise text comparison for tracked changes validation.
  - Both implementations use fixed command structures and target local temporary files, minimizing the risk of command injection.
- [EXTERNAL_DOWNLOADS]: 'SKILL.md' contains standard instructions for installing necessary system dependencies such as 'pandoc', 'libreoffice', and 'poppler-utils' using the system package manager. These are required for the skill's primary functionality (conversion and image extraction).
- [INDIRECT_PROMPT_INJECTION]: The skill has a broad attack surface as it processes untrusted '.docx' files (Category 8). However, it implements a 'Mandatory Evidence Chain' that reduces risk:
  - Ingestion points: Files are processed in 'ooxml/scripts/unpack.py'.
  - Boundary markers: The 'Redlining workflow' in 'SKILL.md' provides clear instructions for distinguishing between original and modified text.
  - Capability inventory: Limited to local file operations and controlled subprocess calls to 'soffice' and 'git'.
  - Sanitization: 'scripts/document.py' uses 'html.escape' when injecting author metadata into 'people.xml' to prevent injection in document properties.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or sensitive file path access (like AWS or SSH keys) were found in the scripts or metadata.