aem-cli
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
@adobe/aem-clipackage from the official NPM registry and references thehelix-importer-uirepository on GitHub. These are legitimate development tools provided by the vendor. - [COMMAND_EXECUTION]: The skill provides a comprehensive set of shell commands for operating the AEM CLI, including starting the local development server (
aem up), the import server (aem import), and managing content synchronization (aem content). It also utilizes standard utilities such ascurl,mkcert, andopensslfor certificate management. - [DATA_EXFILTRATION]: The instructions describe how to read an OAuth access token from a local configuration file (
.hlx/.da-token.json) and use it to authenticatecurlPOST requests to the vendor'sadmin.da.liveservice. This activity is a documented part of the skill's primary function for synchronizing local content with the remote platform.
Audit Metadata