The Agent Skills Directory

REMOTE_CODE_EXECUTION (CRITICAL): The skill uses a high-risk installation pattern that pipes remote scripts directly into the bash shell. This allows the host of the remote server to execute arbitrary code with the user's privileges.
Evidence: curl -sSL https://canifi.com/skills/enterprise/install.sh | bash in the Quick Install section.
Evidence: curl -sSL https://canifi.com/install.sh | bash in the Setup section.
EXTERNAL_DOWNLOADS (HIGH): The skill downloads executable content from canifi.com, which is not on the list of Trusted External Sources. This is a primary delivery mechanism for malicious payloads.
CREDENTIALS_UNSAFE (HIGH): The documentation encourages users to input sensitive information, including SERVICE_PASSWORD and ENTERPRISE_PLUS numbers, into a custom CLI tool (canifi-env). Since the installation of this tool is performed via untrusted remote code execution, there is no guarantee that the credentials remain local as claimed.
COMMAND_EXECUTION (HIGH): The skill's setup and operation rely on the execution of shell commands and environment variable modifications provided by an untrusted source.
PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from a third-party website (enterprise.com) to perform actions like booking and pricing comparisons.
Ingestion points: Scraping rental details and vehicle classes from enterprise.com via Playwright.
Boundary markers: Absent; no instructions are provided to the agent to ignore instructions embedded in the web content.
Capability inventory: The agent has the ability to modify local environment variables and execute shell commands via the canifi tools.
Sanitization: Absent; the skill does not specify any sanitization or validation of the data retrieved from the web.

enterprise