The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of shell commands to orchestrate its workflow.
The setup process (scripts/setup.sh) and environment validation (scripts/env_check.sh) rely on complex shell scripts.
Document conversion and previewing are handled via external calls to soffice (LibreOffice) and pandoc.
The core functionality is driven by a custom C# CLI tool invoked via dotnet run.
Most significantly, the skill's "Quick Start" path explicitly instructs the agent to write arbitrary C# logic to scripts/dotnet/task.csx and execute it at runtime.
[EXTERNAL_DOWNLOADS]: The skill automates the retrieval of external resources.
It downloads the official .NET installation script from Microsoft's well-known domain (https://dot.net/v1/dotnet-install.sh).
It triggers downloads of system-level packages (Pandoc, LibreOffice, .NET SDK) using platform-specific package managers like Homebrew, APT, and DNF.
[REMOTE_CODE_EXECUTION]: Remote code patterns are present in the installation workflow.
The scripts/setup.sh script executes the downloaded dotnet-install.sh shell script via bash.
The architectural design encourages the agent to generate and execute code at runtime to handle complex document manipulations that exceed CLI capabilities.
[PROMPT_INJECTION]: The skill possesses a surface for Indirect Prompt Injection.
It ingests untrusted data from external .docx files using docx_preview.sh and $CLI analyze. The instructions lack delimiters or explicit warnings to the model to ignore instructions embedded within the document content, potentially allowing a malicious document to influence agent behavior.

minimax-docx