preview-import
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes 'aem up' to start a local development server for Adobe Experience Manager Edge Delivery Services. This is the intended behavior for the tool's primary purpose.
- [Indirect Prompt Injection] (SAFE): The skill utilizes 'documentPath' from local 'metadata.json' files to construct URLs. 1. Ingestion points: metadata.json. 2. Boundary markers: Absent. 3. Capability inventory: Local file access and subprocess execution. 4. Sanitization: Absent. The risk is considered negligible as the operation is confined to a local development environment and standard project files.
- [Data Exposure & Exfiltration] (SAFE): File access is limited to local project resources such as screenshots and HTML files. No patterns of sensitive data exfiltration or hardcoded credentials were identified.
Audit Metadata