spreadsheets

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • Data Ingestion Surface: The skill is designed to process external data sources, including spreadsheets (XLSX, CSV) and PDFs, for analysis and report generation. This involves reading content from potentially untrusted user-provided files.
      • Evidence: Found in SKILL.md and style_guidelines.md regarding the processing of source data and PDF extraction using libraries like pypdf and pandas.
      • Context: This is a standard surface for document-processing skills. The skill mitigates risks by specifying the use of bundled, versioned libraries and workspace-isolated runtimes.
  • Dynamic Script Generation: The skill utilizes a pattern where it generates and executes JavaScript (Node.js) builder scripts to programmatically construct or edit spreadsheet artifacts.
      • Evidence: SKILL.md instructs the agent to 'Prefer one executable .mjs builder; patch and rerun it when iterating' and provides extensive API documentation for the @oai/artifact-tool library.
      • Context: This is the intended operational model for high-fidelity artifact creation. The risk is managed by restricting execution to conversation-specific temporary directories and using managed workspace dependencies rather than system-wide binaries.
  • Workspace Isolation: The skill explicitly enforces the use of managed dependencies and forbids the use of system-level interpreters or global package managers.
      • Evidence: SKILL.md states: 'Do not use system node, system python, global npm packages, or repo-local installs.' and 'Run builders from a writable conversation-specific temp or workspace directory'.
      • Context: This is a strong security posture that prevents privilege escalation and ensures a reproducible, isolated environment for code execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 06:12 AM