officecli-xlsx
Fail
Audited by Snyk on Apr 13, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These URLs point to raw install scripts and the GitHub releases API for a third‑party repo (iOfficeAI/OfficeCLI) and the skill explicitly tells users to pipe those scripts into bash/PowerShell—a high‑risk pattern because raw scripts from an unverified/unknown repository can execute arbitrary code and should be inspected and verified (checksums, signatures, repo popularity/activity) before running.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md "BEFORE YOU START (CRITICAL)" section explicitly instructs fetching and running remote content (curl https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh and querying https://api.github.com/repos/...), which pulls and executes public third‑party code/metadata that can materially change tool behavior and thus could enable indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's "BEFORE YOU START" runtime check fetches and pipes remote install scripts to a shell/PowerShell (curl -fsSL https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh | bash and irm https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.ps1 | iex), which executes remote code and is presented as a required dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly instructs running remote install/upgrade commands (curl ... | bash) that execute arbitrary code and modify the system (potentially requiring sudo), so it can change the machine state and is a security risk.
Issues (4)
- CRITICAL E005: Suspicious download URL detected in skill instructions.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- MEDIUM W013: Attempt to modify system services in skill instructions.