officecli-academic-paper

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). These URLs point to raw install scripts (.sh and .ps1) and a GitHub releases API from an unrecognized GitHub account (iOfficeAI) and the skill explicitly instructs curl|bash and irm|iex (pipe-to-shell) — a common, high-risk way to distribute and run arbitrary code — so they should be treated as suspicious until the scripts and repo are reviewed and verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's REQUIRED "BEFORE YOU START" section instructs running curl to fetch and execute an installer from raw.githubusercontent.com and to query api.github.com for the latest release, which clearly pulls and would execute untrusted, public third‑party content (GitHub raw script / API) as part of the workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime "BEFORE YOU START" check instructs users to fetch and execute remote install scripts (curl https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh | bash and PowerShell irm https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.ps1 | iex), which downloads and runs remote code and is required to install/run the officecli dependency.