skills/adobe/skills/ops/Gen Agent Trust Hub

ops

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses eval in combination with node -e scripts to dynamically assign shell variables from local configuration files (~/.aem/ops-config.json) and remote API data (e.g., user profile information from /profile). This pattern allows for dynamic command generation which could be susceptible to injection if the source data is tampered with.
  • [COMMAND_EXECUTION]: The skill performs file system operations in the user's home directory (~/.aem/) to manage sensitive project settings and authentication tokens required for API access.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with Adobe's official Edge Delivery Services APIs, including admin.hlx.page and admin.da.live. These are well-known services provided by the vendor for managing AEM projects.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and acting upon data from external APIs.
    1. Ingestion points: API responses for user profiles, site configurations, and job statuses fetched via curl in SKILL.md and various resource files.
    2. Boundary markers: No explicit delimiters or instructions are used to separate untrusted API data from the agent's internal logic.
    3. Capability inventory: The skill has access to shell command execution (Bash), file system operations (Read, Write), and network access.
    4. Sanitization: The skill uses JSON.stringify within node processing before shell evaluation, providing a layer of escaping for the processed data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 08:54 AM
Security Audit — agent-trust-hub — ops