The Agent Skills Directory

[PROMPT_INJECTION]: The skill's metadata identifies the author as 'OpenAI', which is inconsistent with the actual source 'lawve-ai'. This use of deceptive metadata can mislead users or systems about the skill's origin and security standing.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external spreadsheet files without adequate boundaries.
Ingestion points: The skill is designed to read and analyze data from .xlsx, .xlsm, .csv, and .tsv files using 'openpyxl' and 'pandas' as defined in SKILL.md.
Boundary markers: There are no instructions or delimiters specified to ensure the agent ignores potential commands embedded within spreadsheet cells.
Capability inventory: The skill possesses significant capabilities, including file system writes (output/spreadsheet/), shell command execution (soffice, pdftoppm), and software installation via system package managers.
Sanitization: No data validation or sanitization routines are mentioned for the content ingested from external workbooks.
[COMMAND_EXECUTION]: The skill instructs the agent to perform administrative and system-level operations.
In SKILL.md, it directs the use of sudo apt-get install to install 'libreoffice' and 'poppler-utils'.
It also provides instructions for running headless shell commands (soffice and pdftoppm) to convert and render spreadsheet files into images.
[EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of external software and libraries.
It suggests installing Python libraries such as openpyxl, pandas, and matplotlib from standard registries.
It recommends fetching system-level utilities like 'libreoffice' and 'poppler' from macOS and Linux package repositories.

xlsx-processing-openai