paw-cra-agent-creative-director
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts `init-memory.py` and `tool-discovery.py` utilize the `subprocess.run` function to check for the presence of CLI tools like ffmpeg and to initialize the project's directory structure within the `.pawbytes` folder.
- [EXTERNAL_DOWNLOADS]: Documentation in `references/tool-discovery.md` guides the user to install the `agent-browser` package via NPM and subsequently use the tool's built-in commands to download browser binaries.
- [PROMPT_INJECTION]: The skill defines a 'Brand Profile Update' workflow in `references/brand-update.md` that uses browser automation to visit external websites and extract specifications. This creates a surface for indirect prompt injection by placing untrusted data from the open web into the agent's context.
  * Ingestion points: External URLs visited by `agent-browser` during brand extraction tasks.
  * Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' warnings for content retrieved from external sites.
  * Capability inventory: The skill possesses file system write access via its internal scripts, the ability to invoke sub-agents, and the capacity to interact with authenticated browser sessions.
  * Sanitization: Absent; content retrieved from the web is processed for specifications without explicit validation or filtering steps.
Audit Metadata