lovstudio-review-doc

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No security issues were identified during the analysis of the skill's instructions or implementation scripts.
  • [EXTERNAL_DOWNLOADS]: The skill requires the python-docx package, a well-known library for Word document manipulation, which is installed via the standard Python package manager. It also refers to a platform-specific command to install the skill from the official repository of the author.
  • [COMMAND_EXECUTION]: The skill invokes a local Python script (scripts/annotate_docx.py) to perform its core functions of text extraction and document annotation. These operations are conducted on local files as directed by the user during the review workflow.
  • [PROMPT_INJECTION]: The skill processes content from external docx files. While this creates a potential surface for indirect prompt injection, it is considered an expected and acceptable risk for the intended document-review use case.
      1. Ingestion points: Paragraph text extracted from docx files via scripts/annotate_docx.py.
      2. Boundary markers: Absent in current skill instructions.
      3. Capability inventory: Local file modification using scripts/annotate_docx.py.
      4. Sanitization: Content is processed as plaintext; no specific AI-level instruction sanitization is implemented.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 04:59 AM