The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (CRITICAL): The runScript command in handler.js accepts a raw script string from the agent/user, writes it to a temporary .jsx file, and then triggers its execution via system bridges. This effectively allows the execution of arbitrary code on the host machine.
[COMMAND_EXECUTION] (HIGH): The skill uses child_process.spawnSync to invoke cscript (Windows) or osascript (macOS). While the command arguments themselves are mostly static, they are used to facilitate the execution of the dynamic JSX payload.
[DATA_EXFILTRATION] (HIGH): The Adobe ExtendScript engine includes powerful File and Folder objects. Any script passed to this skill can access sensitive locations like ~/.ssh/, ~/.aws/credentials, or browser cookies and potentially exfiltrate them via ExtendScript's socket or HTTP capabilities (depending on the specific Adobe app version).
[INDIRECT PROMPT INJECTION] (HIGH): This skill is highly susceptible to indirect injection. If an agent is asked to 'Summarize this file and then run a script based on it,' an attacker can embed malicious JSX in the source file that the agent will then pass to the runScript command without realizing the danger.
[DYNAMIC EXECUTION] (CRITICAL): The core logic in handler.js (lines 80-92) implements a classic 'write-then-execute' pattern for untrusted code, which is the primary vector for system compromise in AI agent environments.

adobe-automator