gog
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation includes instructions to execute remote code using the
curl | bashpattern from an untrusted domain (canifi.com). This is a high-risk pattern as the remote script content can be changed by the host at any time. - EXTERNAL_DOWNLOADS (HIGH): The domain
canifi.comis not in the list of trusted external sources. Scripts downloaded and executed from this domain constitute an unverified dependency risk. - CREDENTIALS_UNSAFE (MEDIUM): The setup instructions direct users to store sensitive data, including
SERVICE_PASSWORD, in local environment variables usingcanifi-env. This increases the attack surface for credential theft. - COMMAND_EXECUTION (MEDIUM): The skill relies on external shell-based tools and commands (
cp,bash) for installation and configuration which are not part of the skill's verifiable code. - INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted content from the GOG.com website to update its behavior and selectors. Evidence Chain: 1. Ingestion points: GOG.com website content via Playwright MCP. 2. Boundary markers: Absent. 3. Capability inventory: Remote script execution (curl), environment variable access, and filesystem operations. 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/gog/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata