Skills
skills/andrejones92/canifi-life-os/google-maps/Gen Agent Trust Hub

google-maps

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [Remote Code Execution] (CRITICAL): The skill provides installation instructions that pipe a remote script from https://canifi.com/skills/google-maps/install.sh directly into bash. This allows the remote server to execute arbitrary commands on the user's host machine with full shell privileges.
  • [Remote Code Execution] (CRITICAL): The setup process requires another untrusted remote script execution via curl -sSL https://canifi.com/install.sh | bash to install the canifi-env tool.
  • [Command Execution] (HIGH): The skill relies on unverified external CLI tools (canifi-env) for configuration. Because these tools are installed via the aforementioned RCE vectors, their integrity and the commands they execute cannot be trusted.
  • [Credentials Unsafe] (HIGH): The documentation explicitly instructs users to store sensitive information, including SERVICE_PASSWORD, in local environment variables. Since the environment is managed by untrusted scripts, these credentials are vulnerable to exfiltration.
Recommendations
  • HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/google-maps/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 05:10 PM
Security Audit — agent-trust-hub — google-maps