skills/crazymsn/academic-skills/docx/Gen Agent Trust Hub

docx

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module to execute system utilities such as soffice (LibreOffice), pandoc, git, and gcc. These are used for document processing, comparison, and the compilation of a technical shim.
  • [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py contains an embedded C source string (_SHIM_SOURCE) that is written to a temporary file, compiled using gcc, and then injected into the soffice process using the LD_PRELOAD environment variable. This is intended to facilitate socket communication in sandboxed environments but involves high-risk runtime code generation and process injection.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process content extracted from external Word documents. This ingestion of untrusted data creates a vulnerability to indirect prompt injection attacks.
      • Ingestion points: Content extracted from .docx files using pandoc (referenced in SKILL.md).
      • Boundary markers: Absent from the skill instructions.
      • Capability inventory: Extensive command execution capabilities via subprocess.run across multiple scripts (scripts/accept_changes.py, scripts/office/soffice.py, scripts/office/validators/redlining.py) and file system write operations.
      • Sanitization: The skill uses defusedxml for XML parsing to mitigate XML-based attacks, but does not implement specific sanitization for natural language instructions embedded in document content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 14, 2026, 09:23 AM