skills/adobe/skills/uplift/Gen Agent Trust Hub

uplift

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a surface for indirect prompt injection by processing content from external URLs.
  • Ingestion points: Data is fetched from external websites using the stardust:extract tool.
  • Boundary markers: The skill separates the brand extraction phase from the redesign logic and uses structured data keys to isolate attributes.
  • Capability inventory: The tool can execute local file operations and use the system open command.
  • Sanitization: It implements a 'Content sourcing scan' in Phase 2 and uses [data-placeholder] for content verification, effectively neutralizing instructions embedded in the crawled content.
  • [COMMAND_EXECUTION]: The skill uses the system open command to launch local HTML prototype files in the default browser. This is a functional requirement for previewing generated designs and is used safely within the skill's workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 06:41 AM
Security Audit — agent-trust-hub — uplift