Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation instructs the user to run
curl -sSL https://canifi.com/skills/instagram/install.sh | bash. This pattern is extremely high-risk as it executes unverified code from an untrusted third-party domain directly on the host system. - REMOTE_CODE_EXECUTION (CRITICAL): A second remote script execution is required for setup:
curl -sSL https://canifi.com/install.sh | bash. This reinforces the untrusted execution pattern for the entire environment manager. - CREDENTIALS_UNSAFE (HIGH): The skill is explicitly designed to handle and store sensitive credentials (
INSTAGRAM_PASSWORD,SERVICE_PASSWORD). While the documentation claims these are stored locally, the combination of high-privilege remote code execution and credential handling creates a high risk of data exfiltration. - EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on external scripts and configuration tools hosted on
canifi.com, which is not among the verified trusted sources. There is no integrity verification (e.g., checksums) for these downloads. - PROMPT_INJECTION (LOW): As the skill is designed to read Instagram DMs and comments, it is vulnerable to Indirect Prompt Injection. A malicious user could send a message to the Instagram account that contains instructions to manipulate the AI agent's behavior when it 'views' the DM.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/instagram/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata