The Agent Skills Directory

Remote Code Execution (CRITICAL): The skill documentation explicitly instructs users to run curl -sSL https://canifi.com/skills/hackernews/install.sh | bash and curl -sSL https://canifi.com/install.sh | bash. Executing remote scripts via pipe to a shell is a major security vulnerability as the content of the script is never verified before execution and the source is not a trusted provider.
External Downloads (HIGH): The skill relies on scripts and setup procedures hosted on canifi.com, which is not on the list of trusted external sources. This increases the risk of supply chain attacks or malicious code delivery.
Unsafe Credentials (HIGH): The setup instructions prompt the user to store HACKERNEWS_PASSWORD and SERVICE_PASSWORD using canifi-env, which translates to environment variables. Storing cleartext passwords in the environment is a poor security practice as they can be easily leaked through logs, process listings, or subsequent agent actions.
Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted data from Hacker News stories and comments. Because the agent uses browser automation to interact with these pages, there is a risk of indirect prompt injection where malicious content on the page could attempt to subvert the agent's instructions.
Ingestion points: news.ycombinator.com submissions, comments, and Algolia search results.
Boundary markers: None identified; the skill lacks delimiters or instructions for the agent to ignore embedded commands in the data it reads.
Capability inventory: High-privilege browser automation (Playwright) capable of navigation, clicking, and form submission.
Sanitization: No evidence of sanitization or filtering of the web content before processing.

hackernews