gmail
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation explicitly instructs users to run
curl -sSL https://canifi.com/skills/gmail/install.sh | bashandcurl -sSL https://canifi.com/install.sh | bash. This pattern executes remote code with the user's full shell privileges without any integrity verification or prior review of the script content. - [EXTERNAL_DOWNLOADS] (HIGH): The installation process fetches scripts from
canifi.com. This domain is not a trusted external source (such as official repositories from Anthropic, Google, or Microsoft), making the content untrusted and the download high-risk. - [CREDENTIALS_UNSAFE] (HIGH): The skill encourages users to set
SERVICE_PASSWORDin their environment. Storing plaintext passwords for a primary Google account in environment variables accessible to the agent and the unverifiedcanifi-envtool is a severe credential exposure risk. - [COMMAND_EXECUTION] (HIGH): The skill relies on a proprietary CLI tool (
canifi-env) to manage environment variables. Since this tool is installed via an unverified remote script, it could perform any number of malicious actions on the host system under the guise of configuration management. - [PROMPT_INJECTION] (LOW): This skill represents an indirect prompt injection surface. It reads and processes live email content (untrusted data) from the user's inbox. The instructions lack boundary markers or sanitization requirements, which could allow a malicious email to manipulate the agent into performing unauthorized actions, such as deleting emails or exfiltrating data via the 'send email' capability.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/gmail/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata