officecli-academic-paper

This skill appears to be what it says (a recipe for producing academic .docx files), but the SKILL.md tells the agent to download and execute an install script from raw.githubusercontent.com and to auto-upgrade from GitHub before each use. That is the main risk. Before installing or running this skill: - Do not run the curl | bash command blindly. Inspect the install.sh contents at https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh to confirm it is safe and from a trusted maintainer. - Prefer installing officecli manually from a vetted package or repository (or pin a specific, signed release) rather than allowing automatic unpinned installs/upgrades. - If possible, run the skill in an isolated environment (container or VM) so the remote install cannot affect your primary system. - If you do not want the agent to fetch or execute remote code automatically, remove or comment out the install/upgrade block in SKILL.md or configure the agent to require explicit confirmation before running shell commands that fetch remote scripts. - Consider asking the skill author to provide an explicit install spec (packaged release URL or package-manager entry) and to avoid curl|bash auto-updates in runtime instructions. Given these factors, treat this skill as suspicious until you verify the install script and are comfortable with its runtime network/execution behavior.