Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill requires users to run 'curl -sSL https://canifi.com/skills/facebook/install.sh | bash'. This pattern allows an untrusted remote server to execute arbitrary code on the user's machine with no verification or integrity checks.
- [CREDENTIALS_UNSAFE] (HIGH): The setup instructions encourage users to store their 'FACEBOOK_PASSWORD' in plaintext environment variables. Storing primary credentials in the environment is a high-risk practice that makes them accessible to other local processes.
- [EXTERNAL_DOWNLOADS] (HIGH): All installation and configuration scripts are hosted on 'canifi.com', which is not a trusted source. This makes the skill's entire execution environment unverifiable and prone to supply chain attacks.
- [COMMAND_EXECUTION] (HIGH): The skill relies on the 'canifi-env' tool, which is itself installed via an untrusted remote script. This creates a chain of unverified command executions on the host system.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. 1. Ingestion points: Facebook posts, group content, and notifications (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Browser automation via Playwright and shell access via canifi-env (SKILL.md). 4. Sanitization: Absent. Malicious content on Facebook could potentially hijack the browser automation session.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/facebook/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata