plaid
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE)
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation explicitly instructs users to execute remote scripts using 'curl -sSL ... | bash'. This pattern is extremely dangerous as it executes unverified code from an untrusted source (canifi.com) with the user's shell privileges. Evidence includes 'https://canifi.com/skills/plaid/install.sh' and 'https://canifi.com/install.sh'.
- CREDENTIALS_UNSAFE (HIGH): The skill manages highly sensitive financial login information (Plaid) and encourages users to store passwords in local environment variables. Combined with the unverified remote code execution risk, this creates a severe danger of credential exfiltration.
- EXTERNAL_DOWNLOADS (HIGH): The skill depends on installation and configuration scripts from 'canifi.com', which is not a recognized trusted organization, posing a significant supply-chain risk.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/plaid/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata