skills/ninehills/skills/officecli/Gen Agent Trust Hub

officecli

Fail

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's primary installation method involves downloading shell scripts from unverified domains ('d.officecli.ai' and 'raw.githubusercontent.com/iOfficeAI/OfficeCLI') and piping them directly to 'bash'. This behavior is a critical risk as it allows an external source to execute arbitrary commands on the host system without verification of the script content.
  • [PROMPT_INJECTION]: Automated scans detected hidden Unicode characters in 'examples/excel/charts/charts-extended.xlsx'. This steganographic technique is a high-risk vector for indirect prompt injection, where an agent reading the file could be tricked into following hidden malicious instructions. Ingestion Point: 'examples/excel/charts/charts-extended.xlsx'; Boundary Markers: Absent; Capability Inventory: shell command execution and file modification; Sanitization: Absent.
  • [COMMAND_EXECUTION]: Multiple Python examples within the skill (e.g., 'examples/excel/cell-formatting.py') use 'subprocess.run' with 'shell=True'. This facilitates insecure shell command execution and increases the risk of command injection if the scripts are utilized in automated environments.
  • [EXTERNAL_DOWNLOADS]: The skill performs several downloads of binaries and scripts from external domains that are not verified as trusted organizations, posing a supply chain risk.
  • [DATA_EXFILTRATION]: The 'watch' command implements a local HTTP server on port 26315. Local servers can be exploited in multi-stage attacks to harvest local data or perform unauthorized requests from the local network environment.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/iOfficeAI/OfficeCLI/main/install.sh, https://d.officecli.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 4, 2026, 04:21 PM
Security Audit — agent-trust-hub — officecli