adobe-illustrator-web

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs storing and using plain-text credentials (canifi-env set ADOBE_PASSWORD "your-password") and an automated auth flow that requires entering email/password via Playwright, which risks the LLM needing to include secret values verbatim in commands or automation steps.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.95). Suspicious: these links point to an unverified third‑party domain (canifi.com) that provides direct shell installers (install.sh) and explicit curl | bash instructions and credential storage — a classic high‑risk vector for malware or credential theft and not an official Adobe distribution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Install and setup steps instruct running remote install scripts that are fetched and executed (curl -sSL https://canifi.com/skills/adobe-illustrator-web/install.sh | bash and curl -sSL https://canifi.com/install.sh | bash), meaning external content is executed and thus can directly control the agent environment.