officecli-financial-model

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads and executes an installation script from the author's official GitHub repository (iOfficeAI/OfficeCli) using curl | bash. This is a vendor-provided mechanism to set up the environment required for model generation.
  • [EXTERNAL_DOWNLOADS]: Fetches configuration files, version metadata, and installation scripts from GitHub endpoints controlled by the author.
  • [COMMAND_EXECUTION]: Executes shell commands to verify the local presence of the officecli tool and handle updates. It also includes a reference to a local script on a specific user's system (/Users/veryliu/...) for generating QA screenshots.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates untrusted user-supplied assumptions into financial statements and formula chains.
      • Ingestion points: User text prompts containing financial assumptions as specified in SKILL.md.
      • Boundary markers: Absent; the skill does not use delimiters or instructions to prevent the agent from obeying instructions embedded within the user data.
      • Capability inventory: The skill uses officecli to perform complex file system writes and Excel document assembly across multiple scripts.
      • Sanitization: No sanitization, escaping, or validation of user-provided content is performed before interpolation into the workbook.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 13, 2026, 02:01 PM