anthropics-xlsx

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run across several scripts (scripts/recalc.py, scripts/office/soffice.py, scripts/office/validators/redlining.py) to execute system commands like soffice, gcc, timeout, and git with arguments potentially influenced by file paths.
  • [COMMAND_EXECUTION]: In scripts/office/soffice.py, the skill uses the LD_PRELOAD environment variable to inject a custom-compiled shared object into the soffice process, overriding standard system calls for socket management.
  • [COMMAND_EXECUTION]: scripts/recalc.py writes a StarBasic macro (Module1.xba) to the user's LibreOffice configuration directory (~/.config/libreoffice/...), which persists and is executed automatically to handle formula recalculation.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted Office documents provided by users, which serves as a surface for indirect prompt injection.
      ◦ Ingestion points: User-provided Office files processed via pandas.read_excel and XML parsers (SKILL.md).
      ◦ Boundary markers: Absent; instructions do not provide delimiters or warnings to ignore data-embedded commands.
      ◦ Capability inventory: Runtime compilation (gcc), process injection (LD_PRELOAD), subprocess execution (soffice, git), and file system write access.
      ◦ Sanitization: Absent; content from spreadsheets is processed without explicit sanitization or escaping before being used in tool workflows.
  • [PROMPT_INJECTION]: The skill's metadata contains deceptive identity information. The skill is named anthropics-xlsx and includes an official Anthropic license, but the author is identified as family3253, indicating potential impersonation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 15, 2026, 08:18 AM