The Agent Skills Directory

REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs the user to execute unverified shell scripts directly from the internet using the curl | bash pattern.
Evidence:
curl -sSL https://canifi.com/skills/drift/install.sh | bash found in the Quick Install section.
curl -sSL https://canifi.com/install.sh | bash found in the Setup section.
Context: The domain canifi.com is not a trusted source. Piping remote content to a shell allows for arbitrary code execution with the user's full local privileges.
CREDENTIALS_UNSAFE (HIGH): The skill is designed to handle and input plaintext credentials (DRIFT_EMAIL, DRIFT_PASSWORD) into web forms.
Evidence: The authentication flow explicitly states it will "Enter email and password from canifi-env" into app.drift.com.
Risk: Storing or processing plaintext credentials in an automated agent environment exposes them to potential exfiltration if the agent is compromised by indirect prompt injection.
COMMAND_EXECUTION (HIGH): The skill relies on a local environment manager (canifi-env) and automated installers that execute multiple system-level commands without transparency or verification.
PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted visitor data from the Drift platform.
Ingestion points: Drift conversation messages and visitor/account metadata.
Boundary markers: None detected; the skill does not use delimiters to separate user instructions from platform data.
Capability inventory: Browser automation, session cookie maintenance, and 2FA interception.
Sanitization: No evidence of input validation or escaping for data retrieved from the web interface.

drift