skills/memtensor/skills-vote/xlsx/Gen Agent Trust Hub

xlsx

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)

Full Analysis
  • [REMOTE_CODE_EXECUTION]: Runtime compilation and process injection of a custom shim library.
      • File: scripts/office/soffice.py
      • Evidence: The script contains an embedded C source string _SHIM_SOURCE that is written to a temporary file and compiled at runtime using gcc to create a shared library lo_socket_shim.so. This library is subsequently injected into the environment of subprocesses using the LD_PRELOAD environment variable to intercept and modify socket-related system calls for LibreOffice.
  • [COMMAND_EXECUTION]: Execution of system binaries via subprocess calls to perform core functions.
      • Files: scripts/recalc.py, scripts/office/soffice.py, scripts/office/validators/redlining.py
      • Evidence: The skill invokes several external binaries, including soffice (LibreOffice) for spreadsheet formula recalculation, gcc for the runtime compilation of compatibility shims, and git for generating document differences during validation.
  • [PROMPT_INJECTION]: Significant attack surface for indirect prompt injection via untrusted data ingestion.
      • Ingestion points: spreadsheet files are read using pd.read_excel and load_workbook in scripts/recalc.py and snippets provided in SKILL.md.
      • Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from obeying natural language instructions that might be embedded within spreadsheet cells.
      • Capability inventory: The skill possesses the capability to execute arbitrary system commands (via the recalculation and compilation logic) and write to the local file system.
      • Sanitization: Absent. The scripts do not implement validation or escaping of the content extracted from external tabular files before it is processed or presented to the model.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 8, 2026, 06:21 AM