paw-mkt-video
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install 'agent-browser' from Vercel Labs' official GitHub repository (github.com/vercel-labs/agent-browser). As this targets a trusted organization, the reference is considered safe.
- [COMMAND_EXECUTION]: The skill references local setup scripts (
tool-discovery.shandchrome-profiles.sh) located within the vendor's (pawbytes) workspace. These are used to identify available tools and browser profiles required for marketing research. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) when performing 'Live Website URL Audits'.
- Ingestion points: External data is ingested via browser automation tools or WebFetch when reviewing live URLs (referenced in
references/shared-patterns.md). - Boundary markers: None explicitly defined for the ingested website content.
- Capability inventory: The skill has the ability to write files (saving scripts and strategies to
.pawbytes/marketing-suites/) and perform network operations. - Sanitization: No explicit sanitization or filtering of the scraped website content is mentioned.
- [CREDENTIALS_UNSAFE]: The skill provides detailed instructions on managing authenticated browser sessions for platforms like LinkedIn and X (Twitter). It demonstrates best practices by instructing the user to add session token files to
.gitignoreand use dedicated browser profiles to prevent accidental exposure.
Audit Metadata