producthunt
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to execute remote shell scripts using 'curl | bash' from 'canifi.com'. This is a high-risk pattern as it allows for arbitrary code execution from a non-trusted source. Evidence found in SKILL.md: 'curl -sSL https://canifi.com/skills/producthunt/install.sh | bash' and 'curl -sSL https://canifi.com/install.sh | bash'.
- [CREDENTIALS_UNSAFE]: The skill requires users to provide sensitive credentials ('PRODUCTHUNT_PASSWORD') and store them using a local utility. While it claims local storage, the agent has programmatic access to these secrets, creating a risk of exposure or unauthorized use. Evidence found in SKILL.md: 'canifi-env set PRODUCTHUNT_PASSWORD "your-password"'.
- [COMMAND_EXECUTION]: The skill relies on shell commands for setup and environment management, including the 'canifi-env' tool and local filesystem operations.
- [EXTERNAL_DOWNLOADS]: Fetches external resources and installation scripts from the 'canifi.com' domain, which is not in the trusted vendors list.
- [PROMPT_INJECTION]: The skill processes untrusted content from Product Hunt (product descriptions, comments) using browser automation without specified sanitization or boundary markers, making it susceptible to indirect prompt injection. 1. Ingestion points: Product descriptions, rankings, and comments from producthunt.com. 2. Boundary markers: Absent. 3. Capability inventory: Browser automation (Playwright), shell execution (curl, bash), and iMessage notification. 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/producthunt/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata