officecli-pitch-deck
Fail
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute a shell script from 'https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh' by piping the output of 'curl' directly into 'bash'. This is performed during both initial setup and update checks.
- [REMOTE_CODE_EXECUTION]: For Windows environments, the skill documentation recommends piping a remote PowerShell script from 'https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.ps1' into 'iex' (Invoke-Expression).
- [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and release metadata from external GitHub endpoints to manage the 'officecli' tool dependency.
- [COMMAND_EXECUTION]: The skill performs shell-based environment checks using 'command -v', 'grep', and 'sed', and invokes 'officecli' with dynamically generated JSON batch scripts via heredoc.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh - DO NOT USE without thorough review
Audit Metadata