handover-admin
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Executes local shell commands to navigate the project structure, manage local configuration in
.claude-plugin/, and use Node.js for JSON parsing. - [EXTERNAL_DOWNLOADS]: Communicates with Adobe's official AEM Admin API (
https://admin.hlx.page) to retrieve site configurations and project details. This is an expected behavior for an Adobe-authored management tool. - [DATA_EXFILTRATION]: Accesses the local IMS token file at
~/.aem/ims-token.jsonto authenticate API requests to Adobe services. While this involves sensitive credential access, it is performed by the vendor's own skill to interact with its official infrastructure. - [PROMPT_INJECTION]: Subject to Indirect Prompt Injection (Category 8). The skill fetches site metadata from an external API and interpolates it into the generated documentation without explicit sanitization.
- Ingestion points: Site configuration data retrieved from
https://admin.hlx.page/config/(documented in Phase 1.1). - Boundary markers: Absent; API data is placed directly into markdown templates for the admin guide.
- Capability inventory: The skill can write files (
Write), execute shell commands (Bash), and invoke other skills (Skill). - Sanitization: No sanitization or validation of the external API content is performed before generating the
ADMIN-GUIDE.mdfile.
Audit Metadata