canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill uses a "simulated history" technique in the FINAL STEP section, instructing the agent to assume the user has already expressed a specific desire for perfection ("The user ALREADY said..."). This can lead the agent to override actual user feedback.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes user-provided inputs without sanitization or boundary markers. 1. Ingestion points: design-brief and creative-direction (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: File creation (pdf, png, md). 4. Sanitization: Absent.
- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to "Download and use whatever fonts are needed," which encourages fetching content from unspecified remote sources.
- [NO_CODE]: The skill consists entirely of markdown instructions and license documentation with no executable scripts or source code.
Audit Metadata