Photoshop
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: References the 'flue' package (available on PyPI and GitHub) as a dependency. The instructions explicitly state that the agent must obtain human approval before performing installation or setup tasks.
- [COMMAND_EXECUTION]: Operates by executing a local Python script (
photoshop_bridge.py) which acts as a bridge to send scripts to Adobe Photoshop's internal runtime. - [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where the agent processes JSON data returned from Photoshop. The skill includes instructions to use small, inspectable steps to mitigate risks associated with processing external state.
- [SAFE]: The skill contains a hardcoded local file path (
C:\Users\fredd\.claude\skills\flue\SKILL.md) in its documentation. While this exposes the author's local environment username, it does not pose a security threat to the user or the agent's environment.
Audit Metadata