google-tasks
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill instructs users to run `curl -sSL https://canifi.com/skills/google-tasks/install.sh | bash`, which pipes remote code directly into the shell. This is a severe vulnerability as it allows the host canifi.com to execute arbitrary commands on the user's system.
- EXTERNAL_DOWNLOADS (HIGH): Scripts and tools are downloaded from canifi.com, a non-trusted external source, increasing the risk of supply chain attacks via unverified binaries.
- CREDENTIALS_UNSAFE (HIGH): The skill recommends storing plain-text passwords in environment variables using `canifi-env set SERVICE_PASSWORD "your-password"`. This exposes credentials to any process that can read the environment or command history.
- PROMPT_INJECTION (LOW): Indirect prompt injection surface identified.
  1. Ingestion points: Task lists, notes, and emails via Google Tasks.
  2. Boundary markers: Absent.
  3. Capability inventory: Playwright browser automation, local file/env access via `canifi-env`.
  4. Sanitization: No evidence of data escaping or validation.
- COMMAND_EXECUTION (MEDIUM): The skill relies on a custom binary `canifi-env` for configuration and environment management, which involves executing external commands not natively part of the trusted environment.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/google-tasks/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata