The Agent Skills Directory

[COMMAND_EXECUTION]: Python scripts ooxml/scripts/pack.py and ooxml/scripts/validation/redlining.py execute soffice and git via subprocess.run to perform document validation and comparisons. These calls are limited to standard binaries and operate exclusively on local file paths within temporary directories.
[SAFE]: The skill uses the defusedxml library for XML manipulation in scripts/document.py and ooxml/scripts/pack.py, which prevents XML External Entity (XXE) and other XML-related attacks. It also employs tempfile.TemporaryDirectory to isolate document processing tasks.
[SAFE]: String inputs like author names in scripts/document.py are sanitized using html.escape before being inserted into OOXML structures, mitigating potential XML attribute injection vulnerabilities.

docx