skills/adobe/skills/audit/Gen Agent Trust Hub

audit

Fail

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes npx -y modern-web-guidance@latest, which downloads and runs unpinned code from the NPM registry at runtime. This pattern is high-risk as it allows for arbitrary code execution from a third-party source without version pinning or integrity verification.
  • [EXTERNAL_DOWNLOADS]: The skill depends on external resources including the modern-web-guidance NPM package and the PageSpeed Insights API. These dependencies are fetched at runtime from external services.
  • [DATA_EXFILTRATION]: The --deploy functionality implements a "DA transport" protocol to publish the generated report.html. This involves sending data to an external destination using HTTP PUT and POST methods, which constitutes an exfiltration path for generated audit data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and analyzing untrusted data from user-provided URLs. Maliciously crafted content on the audited website could attempt to override the agent's instructions during the critique or reporting phases.
  • Ingestion points: Website content is extracted into pages/*.json and brand-review.html (via the extract skill) which are then read by the audit process.
  • Boundary markers: The skill instructions do not specify the use of clear delimiters or "ignore embedded instructions" warnings when processing the ingested website data.
  • Capability inventory: The agent has access to powerful tools including shell command execution (curl, npx, node), filesystem writes, and network operations via the deploy protocol.
  • Sanitization: There is no evidence of sanitization or validation of the extracted site content before it is processed by the AI agent for generating findings and synthesis.
  • [COMMAND_EXECUTION]: The skill utilizes several shell-based tools for its operations, including curl for checking site semantics and headers, node for recording findings in a rollout ledger (skills/rollout/scripts/findings.mjs), and npx for fetching remediation guides.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 3, 2026, 12:44 PM
Security Audit — agent-trust-hub — audit