adobe-photoshop-web

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). These links point to an untrusted/unknown domain and include direct shell scripts (install.sh) intended to be run via curl | bash — executing unverified remote scripts is a high-risk vector for malware or credential theft.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Install and setup instructions include fetching and piping remote scripts to the shell (curl -sSL https://canifi.com/skills/adobe-photoshop-web/install.sh | bash and curl -sSL https://canifi.com/install.sh | bash), which download and execute remote code and are presented as required setup for the skill (canifi-env), so they constitute runtime external dependencies that execute remote code.