paw-cra-creative-director
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a script (
scripts/tool-discovery.py) that usessubprocess.runto verify the availability and versions of CLI tools such asffmpegandagent-browser. This is a legitimate environment check performed with safe argument passing. - [EXTERNAL_DOWNLOADS]: The skill provides instructions and references for well-known creative APIs and services, including fal.ai, Pexels, and ElevenLabs. It documents how the user can configure these via local configuration files according to platform standards.
- [DATA_EXFILTRATION]: The skill manages a local memory system within the
.pawbytes/directory to store brand profiles, briefs, and campaign status. It facilitates the creation of asocial-auth.jsonfile viaagent-browserfor authenticated research, but this is presented as a user-controlled feature for automation and does not involve unauthorized data transmission. - [SAFE]: No prompt injection, obfuscation, or persistence mechanisms were detected. The skill's behavior is consistent with its stated purpose of creative orchestration.
Audit Metadata