skills/kcchien/skills/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script recalc.py uses subprocess.run to call the soffice (LibreOffice) binary. Because the file path is passed as a command-line argument without sufficient validation, a maliciously named file (e.g., starting with a dash) could be used to perform argument injection attacks against the LibreOffice process.
  • [COMMAND_EXECUTION]: recalc.py performs dynamic code generation by creating a LibreOffice Basic macro file (Module1.xba) in the user's local configuration directory to automate formula calculation and then executes it via a system call.
  • [PROMPT_INJECTION]: The skill processes external, untrusted spreadsheet files, creating an attack surface for indirect prompt injection.
      • Ingestion points: File loading via pandas.read_excel and openpyxl.load_workbook in SKILL.md examples and recalc.py.
      • Boundary markers: No explicit delimiters or instructions are used to distinguish user-provided data from system instructions during spreadsheet processing.
      • Capability inventory: The agent possesses filesystem write access and the ability to execute shell commands via the recalc.py utility.
      • Sanitization: Input data from spreadsheets is not sanitized before being processed, which may lead to the execution of embedded malicious instructions if the agent interprets cell content as commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 03:10 PM