paw-cra-design-brand
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard CLI tools including curl, jq, potrace, and ffmpeg to perform asset generation, JSON parsing, and image processing tasks. User-provided variables are interpolated into these shell commands to facilitate dynamic model requests.
- [EXTERNAL_DOWNLOADS]: The skill downloads AI-generated images from fal.ai endpoints (queue.fal.run). These downloads originate from a well-known technology service and are essential for the skill's primary function.
- [DATA_EXFILTRATION]: The skill reads sensitive API credentials (fal_key) from local configuration files located at .pawbytes/config/config.yaml. These credentials are required for authenticating requests to the image generation service.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by ingesting untrusted data from user briefs and brand guidelines (guidelines.md).
  1. Ingestion points: User briefs and brand-specific guidelines.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt templates.
  3. Capability inventory: The skill has network access (curl), browser rendering capabilities (Puppeteer), and local file-write permissions.
  4. Sanitization: No sanitization of user-provided content is performed before it is interpolated into model prompts or shell commands.
Audit Metadata