paw-cra-content-research
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to invoke the
agent-browserCLI tool for social media analysis (Instagram, TikTok, LinkedIn) when local authentication sessions are available. This is a standard function for the intended research workflow. - [SAFE]: The skill accesses local configuration files and authentication sessions stored within the
.pawbytesdirectory structure. This data is used to personalize research and authenticate browser tools within the vendor's own environment. There is no evidence of these credentials being exfiltrated to unauthorized third parties. - [SAFE]: No evidence of prompt injection, obfuscation, or malicious persistence mechanisms was found. The skill uses well-known search tools (Exa MCP) and follows a structured pipeline for data collection and report generation.
- [SAFE]: Although the skill processes external data (competitor websites and trends), it is a standard research automation surface. The risk of indirect prompt injection is mitigated by the skill's primary focus on generating production briefs rather than executing code based on the researched content.
Audit Metadata