paw-ps-strategist
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill is designed to read from and write to a specific local directory structure (
{project-root}/.pawbytes/prodig-suites/memory/paw-ps-sidecar/). It also accesses local configuration files (config.yamlandconfig.user.yaml) to resolve user preferences. This behavior is transparently documented and restricted to the skill's defined workspace. - [PROMPT_INJECTION]: There is a surface for indirect prompt injection because the skill ingests data from external intelligence files (
market-intelligence.md,audience-intelligence.md) which may be produced by other agents or sources. While this could influence the generated strategy outputs, the skill lacks dangerous capabilities such as network access or shell execution to weaponize such an injection. - Ingestion points:
market-intelligence.md,audience-intelligence.md, andproduct-context.md(as defined inreferences/memory-system.md). - Boundary markers: The skill uses standard markdown headers but does not implement explicit delimiters or 'ignore' instructions for the processed content.
- Capability inventory: Capability is limited to reading and writing markdown files within the local project path. No subprocess calls, network operations, or code execution tools are present.
- Sanitization: No explicit sanitization or validation of the input file content is implemented before processing.
Audit Metadata