google-sheets
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill promotes a highly dangerous installation pattern where remote scripts from an untrusted domain (canifi.com) are piped directly to the bash interpreter. This allows the remote server to execute any command on the user's machine. Evidence: `curl -sSL https://canifi.com/skills/google-sheets/install.sh | bash` in the Quick Install section; `curl -sSL https://canifi.com/install.sh | bash` in the Setup section.
- Credentials Unsafe (HIGH): The skill instructs users to store sensitive information including `SERVICE_PASSWORD` and `GOOGLE_EMAIL` using a custom environment tool (`canifi-env`). Since this tool is installed via an unverified remote script, there is a severe risk that credentials could be intercepted or exfiltrated.
- External Downloads (HIGH): The skill depends on scripts hosted at canifi.com, which is not a trusted source (such as official GitHub or Google repositories). This increases the risk of supply chain attacks or malicious payload delivery.
- Indirect Prompt Injection (LOW): The skill operates by reading and analyzing data from Google Sheets, creating a surface where an attacker could place malicious instructions inside a spreadsheet to influence the AI's behavior. Ingestion points: Spreadsheet data read via Playwright MCP (SKILL.md). Boundary markers: Absent. Capability inventory: Browser automation, spreadsheet modification, credential handling. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/google-sheets/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata