google-drive
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill explicitly instructs users to execute a remote script via
curl -sSL https://canifi.com/skills/google-drive/install.sh | bash. Pipping remote content directly to a shell is a critical security risk as it allows an untrusted third party to execute arbitrary code on the host system. - [EXTERNAL_DOWNLOADS] (HIGH): The skill references and downloads scripts from
canifi.com, which is not a recognized trusted source. This includes the installation script and thecanifi-envsetup utility. - [CREDENTIALS_UNSAFE] (HIGH): Users are prompted to store their Google account password (
SERVICE_PASSWORD) in local environment variables. Plain-text storage of credentials in environment variables is a poor security practice as it makes them accessible to any script or process running in that environment. - [DATA_EXFILTRATION] (MEDIUM): The skill possesses extensive capabilities to search, read, and share files within Google Drive. When combined with the high-risk remote execution pattern, there is a significant risk that user data could be accessed or shared without authorization.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/google-drive/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata