spreadsheet

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains instructions for the agent to execute system installation commands with elevated privileges, specifically sudo apt-get install -y libreoffice poppler-utils, which constitutes a privilege escalation risk. Additionally, the skill utilizes shell commands (soffice, pdftoppm) for document conversion and rendering tasks.
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to install well-known Python packages (openpyxl, pandas, matplotlib) and system utilities (libreoffice, poppler) from established public package registries and official repositories.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted data from spreadsheet files (.xlsx, .csv, .tsv).
      • Ingestion points: Untrusted data enters the agent context through the load_workbook function (referenced in read_existing_spreadsheet.py) and via pandas library usage as described in SKILL.md.
      • Boundary markers: There are no instructions for implementing delimiters or security warnings to prevent the agent from following instructions embedded within the spreadsheet data.
      • Capability inventory: Across the skill scripts and instructions, capabilities include writing to the file system (wb.save in create_basic_spreadsheet.py), executing shell commands for rendering (soffice, pdftoppm in SKILL.md), and performing software installation (pip, apt-get in SKILL.md).
      • Sanitization: There is no evidence of input validation, escaping, or data sanitization applied to the spreadsheet content before it is processed or used to influence downstream agent actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 17, 2026, 03:02 PM
Security Audit — agent-trust-hub — spreadsheet