wps_office_auto_skill

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill bundle provides a comprehensive set of office automation tools for processing Word, Excel, PPT, and PDF files locally. However, it contains a significant security vulnerability in `modules/spreadsheet.py`, where the `analyze_data` function passes the `filter_condition` parameter directly into `pandas.DataFrame.query()` without sanitization. This allows for potential arbitrary code execution or data manipulation via crafted query strings. While the project appears to have transitioned to a local-only model (as noted in `CHANGELOG.md` and the removal of network-related dependencies), the inclusion of this unsanitized sink for user-controlled input poses a high risk in an AI agent environment.