ke-office-automation

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The functions rename_files, merge_excel_files, and merge_pdf_files in office_automation.py accept file paths and naming patterns directly from command-line arguments without validation. This allows for path traversal attacks where a user-controlled output or pattern string containing sequences like ../ or absolute paths could cause the script to move or overwrite files in arbitrary system locations using shutil.move and file write methods.
  • [DATA_EXFILTRATION]: The SKILL.md documentation prominently features an email-send operation, including command-line examples and configuration details for sending automated emails. However, the provided office_automation.py source code contains no logic or library imports for network communication or email transmission. This discrepancy is deceptive regarding the skill's actual capabilities and its potential for network activity.
  • [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection by processing untrusted data from external office documents.
    • Ingestion points: Files are read into memory via pd.read_excel, PdfReader, and docx.Document within office_automation.py.
    • Boundary markers: No delimiters or instructions are used to distinguish between legitimate data and potential instructions embedded in the documents.
    • Capability inventory: The skill possesses file read, write, and move capabilities on the local file system.
    • Sanitization: The script performs no validation or escaping of the content read from Excel, PDF, or Word files before incorporating it into report files or merged output documents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 24, 2026, 12:53 AM
Security Audit — agent-trust-hub — ke-office-automation