paw-ps-agent-product-builder
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a local 'sidecar' memory architecture in the .pawbytes directory to maintain product context across multiple sessions, which is a standard design pattern for complex orchestrators.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it ingests external data into the agent context. This configuration is standard for the skill's purpose and shows no signs of malicious intent.
  - Ingestion points: files located in .pawbytes/prodig-suites/memory/ and .pawbytes/prodig-suites/products/.
  - Boundary markers: none explicitly defined in prompts.
  - Capability inventory: local file system read/write operations and routing to executor agents.
  - Sanitization: no validation of sidecar file content.
- [DATA_EXFILTRATION]: Access is limited to project configuration and product workspace files. No patterns of network exfiltration or unauthorized credential access were identified.