google-forms
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill provides installation commands (curl -sSL https://canifi.com/skills/google-forms/install.sh | bash) that pipe remote content directly into the shell. This allows the owners of canifi.com to execute arbitrary code on the host system.
- EXTERNAL_DOWNLOADS (HIGH): Dependency on unverified scripts from non-trusted domains for both skill installation and environment setup (canifi.com/install.sh).
- CREDENTIALS_UNSAFE (MEDIUM): Users are prompted to save SERVICE_PASSWORD and GOOGLE_EMAIL in environment variables via canifi-env. Since the environment tool itself is installed via insecure RCE, these credentials should be considered compromised.
- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8). The skill reads external form responses which could contain malicious instructions designed to hijack the agent's browser session. Evidence: 1. Ingestion points: google-forms responses. 2. Boundary markers: Absent. 3. Capability inventory: Playwright browser control, 2FA notification access. 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/google-forms/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata