paw-mkt-psychology
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute local shell scripts and batch files for environment setup and tool discovery, specifically referencing scripts located in a companion setup skill folder (
./skills/paw-mkt-setup/assets/scripts/). It also uses CLI commands for browser automation and profile management. - [EXTERNAL_DOWNLOADS]: The skill includes instructions to download and install external dependencies, specifically the
agent-browserpackage from Vercel's official GitHub repository and Playwright browser binaries. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) because it is designed to ingest and process untrusted data from live website URLs and user-provided codebases.
- Ingestion points: External data enters the context via
Context C(Live Website URL Audit) usingagent-browserorWebFetch, andContext B(Existing Local Codebase). - Boundary markers: Absent. The instructions do not define specific delimiters or warnings for the agent to ignore embedded instructions within the audited content.
- Capability inventory: The skill has access to shell execution (
agent-browser,npm, local setup scripts), file system writes (saving psychology deliverables), and network access. - Sanitization: Absent. No explicit sanitization or validation logic is defined for data fetched from remote URLs before it is processed by the agent.
- [DATA_EXFILTRATION]: The skill documents procedures for accessing and managing browser profiles (e.g.,
~/.linkedin-profile) and session state files to maintain authentication during research. This represents a capability for handling sensitive data, although it is documented with explicit security warnings to the user.
Audit Metadata