The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill instructions direct the user to execute a remote script via curl -sSL https://canifi.com/skills/skiplagged/install.sh | bash. This represents a critical risk of arbitrary code execution from an unverified third-party domain.
[REMOTE_CODE_EXECUTION]: The setup instructions recommend installing an additional utility via curl -sSL https://canifi.com/install.sh | bash, which repeats the dangerous piped-to-shell execution pattern.
[COMMAND_EXECUTION]: The documentation promotes high-risk command-line patterns that bypass security review and allow for immediate system compromise.
[CREDENTIALS_UNSAFE]: The skill encourages users to store sensitive information, including passwords, in environment variables managed by a tool (canifi-env) that is itself delivered via an untrusted remote execution chain.
[EXTERNAL_DOWNLOADS]: The skill relies on resources hosted on canifi.com, a domain that is not recognized as a trusted organization or well-known service.
[PROMPT_INJECTION]: The skill contains deceptive metadata where the category is listed as 'devops' (metadata.json) despite the skill's functional purpose being 'travel' and 'flight discovery' (SKILL.md).
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion point: External flight data from skiplagged.com (SKILL.md). Capability inventory: Full shell access through the installed canifi-env and shell tools (curl, bash). Boundary markers: No delimiters or instructions to ignore embedded content are present in the processing logic. Sanitization: No input validation or sanitization of external search results is performed before the data is processed by the agent.

skiplagged