adobe-core-workflow-a
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a legitimate integration with Adobe Firefly Services using standard TypeScript templates for API interaction. No malicious code or obfuscation was found.
- [DATA_EXFILTRATION]: The skill makes network requests to
firefly-api.adobe.io. This is a well-known service and the operations (sending prompts and receiving image URLs) are consistent with the skill's stated purpose of image generation. - [CREDENTIALS_UNSAFE]: The code correctly manages authentication by using environment variables (
process.env.ADOBE_CLIENT_ID) and an external client for access tokens, following security best practices to avoid hardcoded credentials. - [PROMPT_INJECTION]: The skill processes user-supplied strings as prompts for image generation.
- Ingestion points: The
promptargument in various TypeScript functions inSKILL.md. - Boundary markers: Not present in the code snippets; the agent is expected to pass sanitized or intended strings.
- Capability inventory: Network requests via
fetchto Adobe's API. - Sanitization: Relies on Adobe's server-side content policy enforcement as noted in the error handling section (400 prompt rejected).
Audit Metadata