adobe-illustrator-operator

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a helper script scripts/probe_illustrator_asset.py that executes standard system utilities (file, pdfinfo) to gather asset metadata. These operations are performed using the safe subprocess.run API with argument lists, mitigating command injection risks. The usage is strictly for local file inspection.
  • [EXTERNAL_DOWNLOADS]: References are made to an optional bridge tool named 'Flue'. The instructions explicitly prohibit automatic installation of external software, requiring user approval and existing installation checks (pip show flue), which aligns with security best practices.
  • [PROMPT_INJECTION]: The skill provides robust system-level instructions and safety guardrails, such as 'Never save, close, overwrite... unless the user explicitly asks' and 'Do not open or mutate Illustrator by reflex'. These instructions are designed to constrain the agent's behavior to safe, non-destructive actions.
  • [DATA_EXFILTRATION]: No network operations or unauthorized data access patterns were detected. The skill focuses on local file manipulation and rendering of assets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 12:23 PM
Security Audit — agent-trust-hub — adobe-illustrator-operator