adobe-express
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's documentation explicitly instructs users to run
curl -sSL https://canifi.com/skills/adobe-express/install.sh | bashandcurl -sSL https://canifi.com/install.sh | bash. This method downloads and executes code from a remote server without verification, granting the remote script full access to the user's shell environment. - [CREDENTIALS_UNSAFE]: The setup instructions guide users to store sensitive credentials, including
ADOBE_PASSWORD, in local environment variables via thecanifi-envcommand. Storing passwords in the environment is an insecure practice as they can be accessed by any process on the system. - [COMMAND_EXECUTION]: The skill relies on the execution of shell commands for installation and configuration, specifically using a custom tool named
canifi-envto modify system state and environment configurations. - [EXTERNAL_DOWNLOADS]: The skill references and fetches core components and installation scripts from
canifi.com, a domain that is not included in the trusted vendor or well-known service lists provided in the security guidelines.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/adobe-express/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata