paw-cra-campaign-orchestration
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture relies on parsing external campaign briefs which serves as a potential surface for indirect prompt injection into downstream workflows.
- Ingestion points: Untrusted campaign data is ingested from
{project-root}/.pawbytes/creative-suites/brands/{brand-name}/campaigns/{campaign-name}/brief.mdin Stage 01. - Boundary markers: The dispatch instructions for sub-agents in Stage 03 do not explicitly define boundary markers (such as XML tags or unique delimiters) to isolate potentially adversarial content in the brief from the orchestrator's instructions.
- Capability inventory: The skill dispatches tasks to several sub-agents (
paw-cra-agent-designer,paw-cra-agent-video-producer) with autonomous execution enabled via the--headlessflag. - Sanitization: No explicit sanitization or natural language validation is performed on the brief content before it is used to generate prompts for the production agents.
Audit Metadata