paw-cra-design-brand
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external inputs in generative workflows.
- Ingestion points: The skill ingests untrusted data from user-supplied briefs (SKILL.md Step 1) and brand guideline files (SKILL.md Step 2).
- Boundary markers: There are no explicit delimiters or instructions for the AI to ignore embedded commands when these inputs are interpolated into the final prompts for the fal.ai models.
- Capability inventory: The skill possesses significant capabilities, including network access via curl and local document rendering via Puppeteer/Playwright.
- Sanitization: The instructions do not specify any validation or sanitization steps for the brief content before it is processed.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to interact with external AI infrastructure.
- It communicates with the fal.ai API endpoints (queue.fal.run) to submit generation jobs.
- It downloads generated image assets from remote URLs to the local project directory for final processing.
Audit Metadata