adobe-photoshop-web
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The file
SKILL.mdexplicitly directs users to perform a 'Quick Install' by runningcurl -sSL https://canifi.com/skills/adobe-photoshop-web/install.sh | bash. Pining remote content directly to a shell is a major security vulnerability that allows the execution of arbitrary, unvetted code. - [REMOTE_CODE_EXECUTION]: The setup documentation further instructs users to install a environment management tool using
curl -sSL https://canifi.com/install.sh | bash, which repeats the high-risk execution pattern from an untrusted domain. - [EXTERNAL_DOWNLOADS]: The skill requires downloading setup and installation scripts from
canifi.com, which is not a verified or trusted service according to the security guidelines. - [CREDENTIALS_UNSAFE]: The 'Setup' and 'Privacy & Authentication' sections of
SKILL.mdprompt users to store sensitive credentials such asADOBE_EMAILandADOBE_PASSWORDusing a CLI tool (canifi-env). Storing plaintext passwords in environment variables or local configuration files accessible to the AI agent creates a significant risk of data exposure. - [COMMAND_EXECUTION]: The skill uses various shell commands for its lifecycle, including
cpand the execution of installation scripts, providing an attacker with a vector to compromise the host system if the remote source is malicious.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/adobe-photoshop-web/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata