xlsx-processing-anthropic
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill performs runtime compilation and modifications to the execution environment to ensure its tools function correctly. In scripts/office/soffice.py, C source code for an AF_UNIX socket shim is defined as a string literal, written to a temporary file, and compiled using gcc into a shared library. The skill then executes LibreOffice with the LD_PRELOAD environment variable set to load this shim and bypass socket restrictions. Additionally, the skill executes various shell commands such as soffice, git diff, and gtimeout using the subprocess module in scripts/recalc.py and scripts/office/validators/redlining.py. The recalculation script also persistently modifies the user environment by writing a custom macro to the LibreOffice application configuration directory.
- [PROMPT_INJECTION]: The skill presents a vulnerability surface for indirect prompt injection due to its processing of untrusted external data while having access to broad capabilities. Spreadsheet data enters the agent context through ingestion points in scripts/recalc.py and SKILL.md via libraries like pandas and openpyxl. No boundary markers or explicit instructions to ignore embedded instructions are used during ingestion, and the content is not sanitized before processing. Given the skill's ability to execute shell commands, compile code at runtime, and modify its own process space, a maliciously crafted spreadsheet could potentially exploit these capabilities or manipulate the agent's behavior. Additionally, the skill metadata deceptively claims the author is Anthropic when the context provided indicates a different author.
Audit Metadata