paw-mkt-agency
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill adopts a 'coordinator-not-creator' principle, ensuring it does not generate unsupervised marketing content. All deliverables, including strategy documents and specialist briefs, require explicit user review and approval before creation.
- [SAFE]: File system interactions are restricted to the local project root (specifically within the .pawbytes directory). The skill utilizes glob patterns and local file reads to maintain project state without escalating privileges or accessing system-level directories.
- [SAFE]: No evidence of exfiltration or unauthorized network communication was found. External URLs and well-known services are not referenced in a manner that triggers risk, and no third-party code dependencies are installed at runtime.
- [PROMPT_INJECTION]: The skill ingests data from brand-context.md and other local project files. While this creates a potential surface for indirect prompt injection, the risk is mitigated to a safe level by the strict human-in-the-loop requirements for all subsequent file writes and routing decisions. Ingestion points: .pawbytes/marketing-suites/brands/*/brand-context.md. Capability inventory: Local directory creation and markdown file generation. Boundary markers: Not explicitly specified in instructions. Sanitization: Accomplished via mandatory user approval gates.
Audit Metadata