Skills
skills/pawbytes/skill-suites/paw-cra-design-batch/Gen Agent Trust Hub

paw-cra-design-batch

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from content calendars or campaign briefs to generate AI prompts, creating a surface for indirect prompt injection.
  • Ingestion points: Campaign brief and content calendar data parsed in references/brief-intake.md (Step 1).
  • Boundary markers: Absent; visual directions and copy are interpolated directly into generation prompts in references/batch-generation.md (Step 2).
  • Capability inventory: Network access via curl to fal.ai; file system writes to organized campaign bundle folders in the .pawbytes/ directory.
  • Sanitization: Absent; the skill does not explicitly filter or validate ingested data for embedded instructions or malicious patterns.
  • [EXTERNAL_DOWNLOADS]: Fetches visual assets and performs generation requests via the well-known fal.ai service (https://queue.fal.run). This activity is central to the skill's primary purpose.
  • [COMMAND_EXECUTION]: References the use of standard processing tools including ffmpeg for animated carousels and Puppeteer or Playwright for template rendering. These tools are verified for availability during the initialization phase.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 09:36 AM