office-install

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow explicitly downloads and installs code and data from public third‑party sources (e.g., curl/git clone and GitHub API calls to fetch the office-skills repo, deno install which pulls npm packages like playwright/sharp (and Chromium), and direct LibreOffice binaries from download.documentfoundation.org), and those fetched packages/scripts/binaries are imported/executed as part of the skill, so untrusted external content can materially influence tool behavior and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly fetches and executes remote installer scripts at runtime (e.g., "curl -LsSf https://astral.sh/uv/install.sh | sh" and "curl -fsSL https://deno.land/install.sh | sh"), which downloads and runs remote code as a required dependency for the skill.