officecli-pitch-deck

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). High risk — these are raw install scripts (install.sh, install.ps1) and a GitHub release endpoint for an unvetted repository (iOfficeAI/OfficeCLI); while hosted on GitHub, executing curl|bash or Invoke-Expression against raw scripts from an unknown repo can run arbitrary code and is a common malware distribution vector unless you first review the code, verify release signatures, and confirm the project's reputation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "BEFORE YOU START" step explicitly instructs fetching and executing remote content (curl https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh | bash and queries to https://api.github.com/repos/...) which pulls open/public GitHub-hosted scripts/metadata that are untrusted third-party content and can materially influence tool installation and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime setup instructs fetching and executing remote install scripts (e.g., curl -fsSL https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh | bash and the PowerShell equivalent https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.ps1 | iex), which downloads and executes remote code as a required dependency (officecli), so this is a high-risk runtime external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs executing remote installer commands (curl | bash) and running CLI install/upgrade checks which will modify the host (potentially require sudo or change system files), so it encourages changing machine state even though it doesn't explicitly request sudo or account creation.