auth
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill fetches data from a remote endpoint at https://admin.hlx.page/config/${ORG}/sites.json and extracts values that are subsequently interpolated into shell commands. This pattern allows for remote command injection if the API response contains shell metacharacters (such as backticks or subshell syntax), as the values are expanded within a double-quoted string in a Bash execution context.
- [COMMAND_EXECUTION]: Multiple shell commands are constructed using variables derived from external sources and user input. This includes the use of `npx playwright open` and `node -e` for dynamic script execution without input sanitization.
- [EXTERNAL_DOWNLOADS]: The skill installs the `playwright` package and its Chromium browser dependency from the npm registry to facilitate browser-based login functionality.
- [DATA_EXFILTRATION]: The skill captures and stores sensitive Adobe ID authentication tokens in the `.claude-plugin/` directory. While this is the intended core functionality of the skill, storing raw credentials on the local filesystem represents a security risk. The skill attempts to mitigate exposure by adding the directory to the project's `.gitignore` file.
Recommendations
- HIGH: Downloads and executes remote code from: https://admin.hlx.page/config/${ORG}/sites.json - DO NOT USE without thorough review
Audit Metadata