officecli-pptx
Fail
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core functionality of reading external files.
- Ingestion points: The agent extracts text from untrusted .pptx files using the
officecli view textandofficecli view annotatedcommands. - Boundary markers: The instructions do not define delimiters or specific 'ignore' directives to isolate extracted text from the agent's logic.
- Capability inventory: The agent has extensive capabilities to write files, modify content, and execute local CLI commands.
- Sanitization: There is no evidence that extracted content is sanitized or validated before being processed by the agent.
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute shell scripts from the author's GitHub repository (
https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh) by piping them directly intobashoriex. While this is a common method for installing vendor-owned CLI tools and targets the skill author's infrastructure, it remains a high-risk execution pattern. - [EXTERNAL_DOWNLOADS]: The skill performs automated network requests to GitHub's API (
api.github.com) to check for updates and usescurlto fetch installation scripts. These operations are limited to the vendor's repositories and are used for maintaining the necessary local environment. - [COMMAND_EXECUTION]: The skill relies on executing the
officeclibinary through various subprocess calls to perform presentation tasks. These commands are the intended primary mechanism of the skill.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh - DO NOT USE without thorough review
Audit Metadata