docx-processing-superdoc

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the @superdoc-dev/cli package from the public npm registry. This package is from an unverified source and is not categorized as a trusted or well-known service.
  • [REMOTE_CODE_EXECUTION]: The skill executes code from a remote source via npx @superdoc-dev/cli@latest. The use of the @latest tag ensures that the most recent version is always fetched and executed, which allows the package maintainer to update the code with malicious behavior that would be automatically executed by the agent.
  • [COMMAND_EXECUTION]: The agent is instructed to run shell commands that incorporate user-provided file patterns and paths. This pattern can lead to command injection if the arguments are not correctly handled or if the underlying CLI tool has vulnerabilities in parameter parsing.
  • [PROMPT_INJECTION]: The skill processes untrusted data from Word documents, which creates a surface for indirect prompt injection.
    1. Ingestion points: The read and search commands process the contents of .docx files.
    2. Boundary markers: None are defined in the instructions to separate document content from the prompt.
    3. Capability inventory: The skill has CLI execution capabilities and filesystem access.
    4. Sanitization: No sanitization or filtering of document content is mentioned.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 04:13 AM
Security Audit — agent-trust-hub — docx-processing-superdoc