Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- Remote Code Execution (CRITICAL): The skill explicitly instructs users to run
curl -sSL https://canifi.com/skills/linkedin/install.sh | bash. This is a critical security risk as it allows a remote, untrusted server to execute arbitrary code on the user's local machine with the permissions of the current shell. - Unverifiable Source (HIGH): The domain
canifi.comis not a recognized trusted source. Downloads and script executions from unverified third-party domains represent a major supply-chain risk. - Credential Security (HIGH): The skill setup requires users to input
LINKEDIN_EMAILandLINKEDIN_PASSWORDinto a custom environment tool (canifi-env). Because this tool is installed via the aforementioned untrusted remote script, there is no guarantee that credentials are not being exfiltrated to a third-party server. - Indirect Prompt Injection (LOW): The skill is designed to read and process live LinkedIn feeds and comments.
- Ingestion points: LinkedIn feed content and connection posts (SKILL.md).
- Boundary markers: None present to distinguish between instructions and data.
- Capability inventory: The agent has the power to post content, send connection requests, and modify profile details.
- Sanitization: No sanitization or validation logic is mentioned for the data retrieved from the LinkedIn API/DOM.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/linkedin/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata