Oathe Security Badge

Is texiaoyao/office-automation-skill safe?

https://github.com/texiaoyao/office-automation-skill

97
SAFE

This skill provides legitimate office automation functionality for processing Word and Excel documents using standard Python libraries. No malicious behavior, data exfiltration, or prompt injection attempts were detected during analysis.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW Incomplete script visibility -5

Some Python scripts are truncated in the evidence, preventing full security analysis of their contents.

LOW Python scripts present -10

The skill contains Python scripts for office automation. While they appear legitimate, they do execute code on the system.

INFO Legitimate office automation utility -5

The skill appears to provide genuine office document processing capabilities using well-known Python libraries.