Searching AEM Documentation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill requires the agent to run a local Node.js script located at .claude/skills/docs-search/scripts/search.js. This is an execution point that relies on the integrity of the local skill files.
- [EXTERNAL_DOWNLOADS] (LOW): The skill uses WebFetch to retrieve documentation from aem.live and implements a local caching mechanism. Per [TRUST-SCOPE-RULE], these downloads from a primary documentation source are considered LOW risk.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  1. Ingestion points: Untrusted external data enters the agent context through search results and full-page content fetched via WebFetch from aem.live.
  2. Boundary markers: Absent; there are no instructions to delimit or ignore instructions embedded within the documentation.
  3. Capability inventory: The agent has subprocess execution (node) and file writing (caching) capabilities.
  4. Sanitization: Absent; the agent is directed to read and process external content directly. A compromised documentation page could contain malicious instructions that the agent might execute.
Recommendations
- AI detected serious security threats