paw-mkt-agent-agency
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's operations are confined to the project's
.pawbytes/directory, preventing unauthorized access to sensitive system files, personal credentials, or global environment variables.\n- [SAFE]: Analysis confirms the absence of network operations, external downloads, or remote code execution. All logic is self-contained or routes to other local skills within the same verified suite.\n- [SAFE]: The skill implements robust Human-In-The-Loop (HITL) constraints, requiring explicit user approval before the agent can generate strategy documents, create directory structures, or produce specialist briefs.\n- [PROMPT_INJECTION]: The skill processes external brand and campaign data which constitutes an attack surface for indirect prompt injection.\n - Ingestion points: Reads
brand-context.md,strategy.md, and configuration YAML files from the local project workspace.\n - Boundary markers: The skill does not employ specific delimiters or instruction-isolation techniques for untrusted file content.\n
- Capability inventory: Capabilities include file system discovery (glob), file reading, and user-approved file writing within the brand workspace.\n
- Sanitization: Marketing context and configuration data are not subjected to formal validation or escaping before processing.
Audit Metadata