photoshop-automator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The 'runScript' command in 'handler.js' accepts arbitrary ExtendScript (JSX) code and executes it via Photoshop. ExtendScript has built-in 'File' and 'Folder' objects that provide full read/write access to the host filesystem, allowing for remote code execution and data theft if the agent is manipulated.
- [COMMAND_EXECUTION] (HIGH): The skill uses 'child_process.spawnSync' to run 'cscript' and 'osascript'. It writes temporary executable files (VBScript and JSX) to the OS temp directory, which is a classic pattern for executing unauthorized commands.
- [INDIRECT_PROMPT_INJECTION] (HIGH): In 'handler.js', the skill ingests untrusted data from 'ctx.params' and interpolates it into script templates. There are no boundary markers or strict sanitization protocols to prevent an attacker from injecting malicious JSX instructions through parameters like 'script', 'layerName', or 'path'.
- [DYNAMIC_EXECUTION] (MEDIUM): The 'createLayer' command uses 'eval()' within the generated JSX to resolve blending modes. Using 'eval()' on string-manipulated user input ('blendMode.toUpperCase()') creates an unnecessary attack surface for code injection within the ExtendScript environment.
Recommendations
- AI detected serious security threats
Audit Metadata