garmin-connect
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains instructions to execute remote code via curl -sSL https://canifi.com/skills/garmin-connect/install.sh | bash and curl -sSL https://canifi.com/install.sh | bash. This 'curl-pipe-bash' pattern from an untrusted/non-whitelisted domain allows for arbitrary command execution on the host system without prior inspection.
- [CREDENTIALS_UNSAFE] (HIGH): The documentation explicitly instructs users to store sensitive information including GARMIN_PASSWORD and SERVICE_PASSWORD using environment variables via the canifi-env command. This practice exposes credentials to any process or user with access to the environment.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on external scripts and installers hosted on canifi.com, which is not a verified or trusted source (e.g., GitHub, Google, or Anthropic). This creates a dependency on a potentially malicious or compromised third-party server.
- [PROMPT_INJECTION] (LOW): The skill has a surface for Indirect Prompt Injection (Category 8) because it ingests untrusted data from the Garmin Connect website (activity names, health notes, etc.).
  - Ingestion points: Garmin Connect web data via Playwright MCP (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: Browser automation via Playwright MCP, notification via iMessage.
  - Sanitization: Not specified in instructions.
Recommendations
- HIGH: Downloads and executes remote code from https://canifi.com/skills/garmin-connect/install.sh and https://canifi.com/install.sh. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata