The Agent Skills Directory

[PRIVILEGE_ESCALATION]: The SKILL.md documentation recommends using sudo apt-get install for system dependencies, which involves acquiring administrative permissions and potentially compromising system security if executed by an agent with elevated access.
[DYNAMIC_EXECUTION]: The skill uses install.sh and quick_start.sh to perform environment setup and execute scripts. Additionally, integration examples in SKILL.md explicitly demonstrate using exec() and subprocess.run() to invoke converter scripts. This pattern can lead to arbitrary command execution if input file paths or arguments are influenced by external or untrusted data.
[INDIRECT_PROMPT_INJECTION]: The skill is designed to process external, untrusted Markdown files across its main scripts (md2docx.py, md2docx_batch.py). This creates a surface where malicious instructions embedded in a processed document could influence the agent's behavior.
Ingestion points: scripts/md2docx.py and scripts/md2docx_batch.py read content from external Markdown files.
Boundary markers: No specific delimiters or "ignore instructions" warnings are implemented to separate data from instructions.
Capability inventory: The skill has file-write permissions and documented subprocess execution capabilities.
Sanitization: While beautifulsoup4 is used for parsing, no security-focused sanitization to prevent prompt injection attacks is described.
[OBFUSCATION]: The install.sh script employs base64 -d to reconstruct a binary file from encoded text. While used here for a sample image, this technique is commonly used to hide malicious code or binary payloads from static security scanners.

markdown-to-word-skill