Skills
skills/pawbytes/creative-agency-suites/paw-cra-design-batch/Gen Agent Trust Hub

paw-cra-design-batch

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches generated visual assets from the fal.ai API services.
  • [COMMAND_EXECUTION]: The production loop executes shell-based curl commands to interact with the fal.ai generation queue and potentially uses Puppeteer/Playwright for template rendering.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from campaign briefs and calendars which is then interpolated into prompts for the AI image generation model.
  • Ingestion points: Parsed campaign briefs and content calendars defined in references/brief-intake.md.
  • Boundary markers: Not explicitly defined in the intake or generation protocols.
  • Capability inventory: Local file system writes for assets and logs, network requests via curl to fal.run, and automated rendering via browser-based tools.
  • Sanitization: No specific sanitization or filtering logic is described for the incoming brief data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 02:02 PM