Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs users to download and execute shell scripts directly from a remote server using the insecure 'curl | bash' pattern. Evidence: 'curl -sSL https://canifi.com/skills/linkedin/install.sh | bash'.
- [CREDENTIALS_UNSAFE]: The documentation encourages users to store sensitive LinkedIn credentials, including email and password, in environment variables. Evidence: 'canifi-env set LINKEDIN_EMAIL "your-email@example.com"'.
- [COMMAND_EXECUTION]: The skill requires running arbitrary shell commands for installation and configuration, which grants full control over the local system to the unverified scripts downloaded from canifi.com.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it reads untrusted data from the LinkedIn feed to perform automation tasks. 1. Ingestion points: LinkedIn news feed and connection posts processed during networking tasks. 2. Boundary markers: Absent; no delimiters are used to separate feed content from agent instructions. 3. Capability inventory: Browser automation via Playwright, including posting, profile updates, and messaging. 4. Sanitization: Absent; the skill does not filter or sanitize external LinkedIn content before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/linkedin/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata