officecli-financial-model

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs point to an unrecognized GitHub repository and include direct raw install scripts (install.sh, install.ps1) plus a releases API endpoint — the curl|bash and irm|iex install pattern lets arbitrary code be fetched and executed, which is a high-risk distribution vector for malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "BEFORE YOU START (CRITICAL)" section explicitly instructs running curl commands that fetch and (pipe/execute) scripts from raw.githubusercontent.com and query the public GitHub API (api.github.com) — untrusted public content the agent is required to run/consult before using officecli, which can materially change tooling and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's startup instructions instruct running a curl piped to bash that fetches and executes remote code at runtime from https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh, which is a required runtime dependency that executes remote code.