skills/marcioaltoe/skills/xlsx/Gen Agent Trust Hub

xlsx

Fail

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/office/soffice.py uses high-risk dynamic code execution patterns. It generates C source code at runtime, compiles it into a shared library (.so) using gcc, and then uses the LD_PRELOAD environment variable to inject this library into the soffice (LibreOffice) process. While documented as a workaround for socket restrictions, this provides a mechanism for arbitrary code execution within system processes.
  • [COMMAND_EXECUTION]: The skill performs several high-risk command line operations via subprocess.run. It invokes gcc for compilation and soffice for spreadsheet processing. Additionally, the script scripts/recalc.py implements a persistence mechanism by writing a StarBasic macro (Module1.xba) directly into the user's LibreOffice configuration directory (e.g., ~/.config/libreoffice/4/user/basic/Standard). This persists changes to the application's environment across different sessions.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection because it processes untrusted spreadsheet files while maintaining extensive system-level capabilities.
      • Ingestion points: Untrusted data enters the agent context when reading Excel or CSV files using pandas.read_excel or openpyxl.load_workbook (referenced in SKILL.md).
      • Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the processed data.
      • Capability inventory: The skill can execute shell commands, compile source code, perform process injection, and modify application configuration files (found in scripts/recalc.py and scripts/office/soffice.py).
      • Sanitization: Absent. External content is interpolated directly into model workflows without filtering or validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 21, 2026, 06:49 PM
Security Audit — agent-trust-hub — xlsx