officecli-office-automation

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions utilize commands that download and immediately execute shell scripts from an external, unverified GitHub repository (iOfficeAI/OfficeCLI) by piping them to bash or iex. This bypasses security checks and executes arbitrary remote code with the current user's permissions.
  • [COMMAND_EXECUTION]: The skill's primary operations depend on executing a binary named officecli from an untrusted source. This binary has broad access to the agent's environment and the host file system.
  • [EXTERNAL_DOWNLOADS]: The skill fetches executable components and installation scripts from a repository belonging to an organization not recognized as a trusted vendor.
  • [PROMPT_INJECTION]: The skill processes untrusted content from Word, Excel, and PowerPoint files through the view and get commands, creating an indirect prompt injection surface.
      1. Ingestion points: Office file content is ingested into the agent context via the officecli tool.
      2. Boundary markers: Absent; there are no instructions for the agent to distinguish document data from operational commands.
      3. Capability inventory: The skill has extensive shell execution and file-system modification capabilities.
      4. Sanitization: Document content is processed and used directly in the provided script examples without any escaping or validation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/iOfficeAI/OfficeCLI/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 16, 2026, 04:51 PM