adobe-illustrator-web
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's installation process requires users to pipe a remote shell script directly to bash (
curl -sSL https://canifi.com/skills/adobe-illustrator-web/install.sh | bash). This grants the hostcanifi.comthe ability to execute arbitrary commands on the user's system with their current privileges. - [EXTERNAL_DOWNLOADS]: The skill depends on several external scripts and environment configuration tools hosted on
canifi.com, a domain that is not recognized as a trusted vendor or service. This introduces a significant supply chain vulnerability. - [CREDENTIALS_UNSAFE]: The documentation explicitly instructs users to store sensitive credentials, such as
ADOBE_PASSWORDandSERVICE_PASSWORD, in local environment variables. These plaintext secrets are accessible to any local process, including the AI agent and the unverified installation scripts downloaded from the internet. - [PROMPT_INJECTION]: The skill lacks defined boundary markers and sanitization when interpreting user requests for browser-based tasks. This creates an attack surface where malicious content from the Adobe Illustrator web interface could potentially influence the agent's behavior via indirect prompt injection.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/adobe-illustrator-web/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata