paw-cra-setup
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (merge-config.py, merge-help-csv.py) to manage project configuration and registry files. It also uses standard filesystem commands (mkdir -p) to create necessary project directories.
- [DATA_EXFILTRATION]: The skill collects sensitive data including API keys for Fal.ai, ElevenLabs, and Pexels. These are stored in a specific user-level configuration file (.pawbytes/config/config.user.yaml) which the skill instructions specify should be gitignored, preventing accidental exposure in shared repositories.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests user-provided strings (e.g., user name, language preferences) and writes them into configuration files and a capability registry (module-help.csv). These files are subsequently used to influence agent behavior and menu displays.
  - Ingestion points: User responses to configuration prompts in SKILL.md.
  - Boundary markers: Not explicitly used in the target YAML/CSV files.
  - Capability inventory: Local command execution (python3, mkdir) and project-level file writing.
  - Sanitization: Employs yaml.safe_load() in its configuration scripts to prevent arbitrary code execution during YAML parsing.
Audit Metadata