docx

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to interact with system utilities necessary for document processing. In ooxml/scripts/pack.py, it executes soffice (LibreOffice) in headless mode to validate document integrity through conversion. In ooxml/scripts/validation/redlining.py, it utilizes git diff to perform precise comparisons of document changes. These operations are directly associated with the skill's primary purpose and use controlled local paths.
  • [PROMPT_INJECTION]: The SKILL.md file includes instructions for the agent to "READ ENTIRE FILE" and "NEVER set any range limits" when accessing technical documentation. While these target agent behavior, they are benign context-management directives intended to ensure the agent correctly applies complex formatting rules and document structures.
  • [EXTERNAL_DOWNLOADS]: Documentation in SKILL.md identifies standard external tools and libraries required for document engineering, such as pandoc, LibreOffice, Poppler, and the docx (NPM) and defusedxml (Python) libraries. These are well-known industry-standard tools.
  • [SAFE]: The skill implements best practices for secure document handling by using the defusedxml library for all XML parsing operations in Python (e.g., in scripts/document.py and ooxml/scripts/unpack.py), effectively mitigating XML External Entity (XXE) and expansion attacks. No evidence of hardcoded credentials, persistence mechanisms, or unauthorized data exfiltration was found during the analysis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 01:48 AM