md-to-word
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions prompt users to install external dependencies such as pandoc, @mermaid-js/mermaid-cli, and svgexport from well-known official repositories and package registries.
- [COMMAND_EXECUTION]: The conversion workflow involves executing shell commands to run the Node.js script (.github/muscles/md-to-word.cjs) and invoke system utilities like pandoc and mermaid-cli for document processing.
- [PROMPT_INJECTION]: The skill processes untrusted Markdown content as input, which constitutes an indirect prompt injection surface. This vulnerability could be exploited if malicious instructions are embedded within the data processed by the conversion engine.
  - Ingestion points: Markdown source files (.md) passed to the conversion script.
  - Boundary markers: No explicit security boundary markers or 'ignore' instructions for embedded content are defined in the conversion logic.
  - Capability inventory: The skill has the capability to execute system commands and perform file operations via the underlying conversion script and external tools.
  - Sanitization: While the skill performs structural preprocessing for formatting purposes, it does not implement specific sanitization to filter or escape adversarial instructions in the input Markdown.
Audit Metadata