adobe-automator

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). High risk: this skill writes and executes arbitrary ExtendScript (JSX) in local Adobe applications—engines that expose filesystem and networking primitives—so while handler.js contains no direct exfiltration or obfuscated payloads, the capability itself can be used to read/modify files, steal credentials, perform network exfiltration, spawn commands, or install persistence, and there is no input sanitization or restrictions on the provided script.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's handler (handler.js) directly writes and executes arbitrary, user-provided ExtendScript from ctx.params.script (saved to a temp .jsx and run via cscript/osascript), meaning the agent must ingest and interpret untrusted user-generated script content which can carry indirect prompt-injection or malicious behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly executes arbitrary ExtendScript/JSX with unrestricted File/Folder filesystem access (and can be routed through OS script hosts), enabling deletion/modification of system files, data exfiltration, or other persistent changes to the host, so it can compromise the machine.