google-calendar
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill promotes the execution of remote scripts from an untrusted source via piped shell commands, which can lead to complete system compromise.
  - Evidence: `curl -sSL https://canifi.com/skills/google-calendar/install.sh | bash` found in `SKILL.md`.
  - Evidence: `curl -sSL https://canifi.com/install.sh | bash` found in `SKILL.md`.
- CREDENTIALS_UNSAFE (HIGH): The skill documentation explicitly instructs users to store sensitive passwords in environment variables, which can be exposed through logs or process inspection.
  - Evidence: The 'Option 2: Environment Variables' section in `SKILL.md` suggests using `canifi-env set SERVICE_PASSWORD "your-password"`.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection as it processes untrusted calendar data that could contain malicious instructions for the agent.
  - Ingestion points: Calendar event titles, descriptions, and attendee lists via Playwright automation in `SKILL.md`.
  - Boundary markers: Absent.
  - Capability inventory: Shell script execution and browser automation capabilities.
  - Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/google-calendar/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata