google-contacts
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill provides a direct command to execute a remote script:
curl -sSL https://canifi.com/skills/google-contacts/install.sh | bash. This pattern is extremely dangerous because it allows unverified, potentially malicious code from an untrusted source to run with the user's local permissions.\n- REMOTE_CODE_EXECUTION (CRITICAL): An additional remote execution pattern is referenced for environment setup:curl -sSL https://canifi.com/install.sh | bash. Sincecanifi.comis not a trusted source, this is a critical security risk.\n- CREDENTIALS_UNSAFE (HIGH): The documentation encourages users to store sensitive credentials likeSERVICE_PASSWORDin plain-text environment variables via thecanifi-envtool. This is a high-risk practice as environment variables are often leaked in process listings or logs.\n- DATA_EXFILTRATION (MEDIUM): The error handling logic mentions notifying the user via iMessage. This indicates the capability to send data to external communication platforms, which could be abused to exfiltrate sensitive contact information.\n- PROMPT_INJECTION (LOW): The skill processes untrusted input from Google Contacts (e.g., contact names or notes) which can be used for indirect prompt injection. Mandatory Evidence: (1) Ingestion points: Contact data retrieved via Playwright. (2) Boundary markers: None present. (3) Capability inventory: Subprocess execution through install scripts and network communication via iMessage. (4) Sanitization: No sanitization or input validation for contact fields is documented or implemented.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/google-contacts/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata