paw-cra-agent-designer

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on shell command execution for its core functionality, utilizing tools like curl for API interactions, ffmpeg for video processing, and jq for parsing JSON data as documented in references/ai-models-guide.md. It also uses Node.js for template rendering via Puppeteer or Playwright.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to use curl to download generated image assets from fal.ai infrastructure (e.g., https://queue.fal.run), which is necessary for the visual production workflow.
  • [DATA_EXFILTRATION]: The skill accesses local configuration files at .pawbytes/config/config.yaml to retrieve the fal_key API credential, which is then transmitted along with design prompts to the external fal.ai service to generate assets.
  • [PROMPT_INJECTION]: The research capability described in references/research-capability.md creates a surface for indirect prompt injection by instructing the agent to fetch platform specifications and trends from arbitrary web sources and store them in the local knowledge base.
      • Ingestion points: Web results from platform and trend research.
      • Boundary markers: Absent; no delimiters or ignore-instructions are specified for the researched content.
      • Capability inventory: Execution of shell commands (curl, ffmpeg) and Node.js scripts, plus filesystem write access.
      • Sanitization: No content validation or filtering is described before storing retrieved data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 09:36 AM