skills-docx

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes the defusedxml library for parsing all XML content. This is a security best practice that protects the agent from XML External Entity (XXE) and billion laughs (DoS) attacks when processing potentially untrusted user documents.
  • [COMMAND_EXECUTION]: Local command execution is confined to legitimate document processing tools. subprocess.run is used to invoke soffice (LibreOffice) for format conversion and validation, and git diff for comparing text versions. These calls use fixed binary paths and temporary file targets, which minimizes the risk of argument injection.
  • [EXTERNAL_DOWNLOADS]: Dependencies listed in the documentation (such as pandoc, libreoffice, and the docx npm package) are standard, industry-recognized tools for document manipulation and are recommended to be installed via official system package managers.
  • [SAFE]: The skill implements a comprehensive validation framework that checks edited documents against official XSD schemas and internal redlining rules, ensuring that programmatic modifications do not corrupt the file structure or bypass tracking requirements.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 03:54 PM