motion
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The file
SKILL.mdcontains instructions to pipe remote scripts to bash:curl -sSL https://canifi.com/skills/motion/install.sh | bash. This is a confirmed remote code execution pattern from an untrusted source that bypasses security reviews. - [EXTERNAL_DOWNLOADS] (HIGH): The skill references
https://canifi.com/install.shand other scripts fromcanifi.com, which is not a recognized trusted organization or repository. - [COMMAND_EXECUTION] (MEDIUM): The skill utilizes a custom command-line utility
canifi-envfor local configuration, which involves executing shell commands to manage environment variables and sensitive credentials. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through task and project data ingestion.
- Ingestion points: User-provided task descriptions and project names in the task management examples.
- Boundary markers: Absent; user input is interpolated directly without delimiters or 'ignore' instructions.
- Capability inventory: The skill has the capability to schedule meetings, allocate work time, and reorganize focus time.
- Sanitization: Absent; no evidence of input validation or safety filtering for external content.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/motion/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata