ops
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
evalin combination withnode -escripts to dynamically assign shell variables from local configuration files (~/.aem/ops-config.json) and remote API data (e.g., user profile information from/profile). This pattern allows for dynamic command generation which could be susceptible to injection if the source data is tampered with. - [COMMAND_EXECUTION]: The skill performs file system operations in the user's home directory (
~/.aem/) to manage sensitive project settings and authentication tokens required for API access. - [EXTERNAL_DOWNLOADS]: The skill communicates with Adobe's official Edge Delivery Services APIs, including
admin.hlx.pageandadmin.da.live. These are well-known services provided by the vendor for managing AEM projects. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and acting upon data from external APIs.
- Ingestion points: API responses for user profiles, site configurations, and job statuses fetched via
curlinSKILL.mdand various resource files. - Boundary markers: No explicit delimiters or instructions are used to separate untrusted API data from the agent's internal logic.
- Capability inventory: The skill has access to shell command execution (
Bash), file system operations (Read,Write), and network access. - Sanitization: The skill uses
JSON.stringifywithinnodeprocessing before shell evaluation, providing a layer of escaping for the processed data.
- Ingestion points: API responses for user profiles, site configurations, and job statuses fetched via
Audit Metadata