appbuilder-connector-setup
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official @adobe/aio-cli package globally and uses npx to execute an external helper package.
- [REMOTE_CODE_EXECUTION]: It executes 'appbuilder-connector-interactive-onboarding' using npx, which downloads and runs code from the npm registry without explicit version pinning or integrity checks.
- [COMMAND_EXECUTION]: The skill performs multiple system operations including shell environment modification (env CI=), directory creation (mkdir), and opening URLs (open) captured from command output to facilitate browser-based authentication.
- [DATA_EXFILTRATION]: The skill reads and processes Adobe Developer Console workspace JSON files which contain sensitive metadata such as organization names, project IDs, and workspace configurations.
Audit Metadata