docx-processing-anthropic

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM
Finding categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py implements a dynamic execution and process injection pattern.
  • It contains a raw C source string that is written to a temporary file at runtime.
  • The script executes gcc to compile this source into a shared library (.so).
  • It then utilizes the LD_PRELOAD environment variable to inject the compiled library into the soffice (LibreOffice) process. This is used to intercept and shim socket-related system calls.
  • [COMMAND_EXECUTION]: The skill frequently uses the subprocess module to interface with system utilities and the office suite.
  • scripts/accept_changes.py runs soffice with headless flags and macro execution commands.
  • scripts/office/soffice.py runs gcc for dynamic compilation and soffice for document conversion tasks.
  • scripts/office/validators/redlining.py executes git diff to perform word-level comparisons between document versions.
  • [PROMPT_INJECTION]: The skill architecture creates a surface for indirect prompt injection when processing external documents.
  • Ingestion points: Untrusted data from Word documents is ingested through scripts/office/unpack.py and via pandoc text extraction.
  • Boundary markers: The instructions lack explicit delimiters or safety warnings for the agent to disregard instructions embedded within the document XML or extracted text.
  • Capability inventory: The skill scripts possess significant system capabilities, including arbitrary command execution via subprocesses and extensive file system access.
  • Sanitization: While the skill appropriately uses defusedxml to mitigate XML external entity (XXE) attacks, it does not sanitize the natural language content processed at runtime, allowing potential malicious instructions in documents to influence agent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 16, 2026, 04:13 AM
Security Audit — agent-trust-hub — docx-processing-anthropic