officecli-financial-model

Security checks across malware telemetry and agentic risk

Overview

The skill’s spreadsheet-building purpose is coherent, but it tells the agent to automatically download and run a live installer or updater before use.

Review before installing. The workbook guidance itself is coherent, but use this skill only if you are comfortable managing officecli separately. Prefer installing officecli through a trusted, pinned, verified process and do not let the skill automatically run the GitHub installer or updater during normal workbook generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill instructs the agent to download and execute a remote install or upgrade script before performing its stated task, which is unnecessary for generating a financial model and creates a direct remote code execution path. Because the fetched script is mutable and unauthenticated beyond transport security, a compromised repository, maintainer account, or network trust boundary could lead to arbitrary code execution in the agent environment.

Missing User Warnings

Medium
Confidence: 97%
Finding
The markdown directs automatic execution of downloaded shell and PowerShell scripts without any warning, review step, integrity verification, or consent gate. This normalizes unsafe behavior and can cause users or agents to run untrusted code from the internet as part of routine workbook generation.

VirusTotal

65/65 vendors flagged this skill as clean.
