officecli-data-dashboard
Fail
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute shell scripts directly from a remote GitHub repository using the 'curl | bash' and 'iex' (PowerShell) patterns. This occurs in SKILL.md during the automated installation and upgrade checks for the officecli tool.
- [COMMAND_EXECUTION]: The skill relies on an external command-line utility, officecli, to perform complex spreadsheet operations. The agent is directed to invoke various subcommands like create, import, and set, which involve direct interaction with the system shell and file system.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch installation scripts and version metadata from GitHub. These resources are downloaded and processed at runtime to maintain the tool's environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external CSV files without providing instructions for sanitization or using clear boundary markers. The agent analyzes and imports this untrusted data using the officecli tool, which has the capability to modify files.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh - DO NOT USE without thorough review
Audit Metadata