The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes external system utilities to perform spreadsheet processing and visualization tasks.
Evidence: The recalc.py script utilizes subprocess.run to execute soffice (LibreOffice) to trigger formula recalculation.
Evidence: SKILL.md instructions direct the agent to run soffice for PDF conversion and pdftoppm for rendering spreadsheet pages as images.
[COMMAND_EXECUTION]: The recalc.py script implements dynamic code generation by creating and installing a LibreOffice Basic macro in the user's application configuration directory.
Evidence: The setup_libreoffice_macro function writes an .xba XML file containing executable StarBasic code to the standard LibreOffice macro directory (e.g., ~/.config/libreoffice/ or ~/Library/Application Support/LibreOffice/).
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted spreadsheet files which could contain malicious instructions.
Ingestion points: Untrusted data is ingested into the agent context via pd.read_excel() and openpyxl.load_workbook() as described in SKILL.md.
Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard instructions embedded within the processed data.
Capability inventory: The agent possesses capabilities including shell command execution (soffice, pdftoppm), filesystem writes (wb.save), and environment modification (macro installation).
Sanitization: No evidence of sanitization, schema validation, or content filtering for external spreadsheet data is present in the provided files.

office-xlsx