framer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill instructs users to pipe a remote script from 'https://canifi.com/skills/framer/install.sh' directly into bash. Whatever the server returns at that moment runs with the user's privileges, and the user has no opportunity to read, diff or hash the script before it reaches the interpreter. Anyone who controls the host, the DNS or a TLS-terminating proxy in between can substitute arbitrary code.
- EXTERNAL_DOWNLOADS (HIGH): The skill references and executes scripts from 'canifi.com', which is not a trusted source according to security guidelines.
- CREDENTIALS_UNSAFE (MEDIUM): The setup instructions tell users to put the Framer account password in an environment variable ('FRAMER_PASSWORD'). The skill claims the value stays local, but it also instructs the agent to use the credential to log in, so the password is readable by the agent and by every child process that inherits its environment, creating a risk of exposure or credential harvesting.
- COMMAND_EXECUTION (MEDIUM): The skill relies on an external utility 'canifi-env' of unknown origin to manage system state and environment variables. A tool with that reach could be used for persistence or for malicious modification of the user's environment.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from 'form submissions' and 'Framer project content' (Ingestion: SKILL.md). It possesses capabilities to 'edit pages' and 'publish sites' (Capabilities: SKILL.md). There are no boundary markers or sanitization logic mentioned to prevent external data from influencing the agent's actions.
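The safer alternative to the 'curl | bash' pattern flagged in the REMOTE_CODE_EXECUTION finding is to land the installer on disk, compare it against a digest pinned from a source independent of the download host, and only then run it. The shell below is an added example, not code from the audit or from the framer skill; the installer script it runs and the digest it pins are constructed for the demo, and the real skill publishes no digest.

```shell
#!/bin/sh
# Added example, not part of the audit or of the framer skill: fetch an
# installer to a file, compare it against a digest pinned out of band, and
# only run it when the digest matches. The demo installer and its digest at
# the bottom are constructed here for illustration.

# sha256_of FILE: print the hex SHA-256 of FILE with whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_and_run FILE EXPECTED: run FILE with sh only if its SHA-256 equals
# EXPECTED; otherwise report the mismatch and return 1 without executing it.
verify_and_run() {
    file="$1"
    expected="$2"
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: sha256 $actual != pinned $expected" >&2
        return 1
    fi
    sh "$file"
}

# fetch_verify_run URL EXPECTED: the replacement for 'curl URL | bash'. The
# script lands on disk first, so it can be read, diffed and hashed before it
# reaches an interpreter. Needs network, so the offline demo below skips it.
fetch_verify_run() {
    tmp=$(mktemp) || return 1
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$1"; then
        rm -f "$tmp"
        return 1
    fi
    verify_and_run "$tmp" "$2"
    status=$?
    rm -f "$tmp"
    return $status
}

# Demo with a constructed installer: pin its digest, run it, then append a
# line and show the second run is refused. In real use the pinned digest comes
# from a channel independent of the download host (signed release notes, a
# lockfile checked into the repository).
demo=$(mktemp)
printf 'echo "installer ran"\n' > "$demo"
pinned=$(sha256_of "$demo")
verify_and_run "$demo" "$pinned"
printf 'echo "unexpected change"\n' >> "$demo"
if verify_and_run "$demo" "$pinned" 2>/dev/null; then
    echo "unexpected: modified installer ran"
else
    echo "modified installer refused"
fi
rm -f "$demo"
```

A pinned digest only helps if it is obtained somewhere the download host cannot also rewrite; a hash published on the same page as the script protects against transport errors, not against a compromised host. For a skill like this one, the practical check is to fetch the script, read it, and decide whether 'canifi-env' and the rest of what it installs are acceptable before any of it runs.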
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/framer/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata