The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/recalc.py performs a persistent modification of the host system by writing a StarBasic macro file (Module1.xba) to the user's LibreOffice configuration directory (e.g., ~/.config/libreoffice/4/user/basic/Standard/). This macro remains on the system across sessions.
[COMMAND_EXECUTION]: The skill uses subprocess.run to execute various system commands, including soffice (LibreOffice), pip, and timeout. It specifically triggers the injected macro using a vnd.sun.star.script URI.
[COMMAND_EXECUTION]: In scripts/setup_deps.py, the dependency installer uses the --break-system-packages flag. This is a safety bypass that allows global package installation in managed Python environments (PEP 668), potentially destabilizing the host system or bypassing intended environment isolation.
[EXTERNAL_DOWNLOADS]: The skill downloads and installs several external Python packages (openpyxl, pandas, xlsxwriter, matplotlib) during its setup phase.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external Excel files using powerful libraries like pandas and openpyxl without explicit sanitization or boundary markers to distinguish between data and instructions. The presence of significant system-level capabilities (command execution, file writing) increases the risk associated with this attack surface.

excel-toolkit