appbuilder-connector-setup

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's Option 1 explicitly asks for a workspace JSON "file path" or pasted JSON (SKILL.md Option 1: Step 1.1–1.2) and then reads/parses and uses it (e.g., aio app use --merge --no-input and aio app init --import in Step 1.5–1.6), so untrusted third‑party/user-provided JSON from the Adobe Developer Console or arbitrary files is ingested and can materially influence subsequent commands.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs the agent to run system-level install and auth commands and explicitly tells the operator to "rerun with elevated permissions" and to run GUI/open commands with elevated permissions when permission checks fail, which encourages obtaining sudo/elevated privileges and modifying user/system config files outside the workspace.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 07:26 AM