canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill simulates a conversation history within its instructions. The "FINAL STEP" section claims the user already requested a "masterpiece," which is used to override standard behavior and force an intensive refinement phase.
- [PROMPT_INJECTION]: High-priority markers like "CRITICAL" and "IMPORTANT" are used to emphasize specific creative constraints, potentially overriding the agent's default safety or operational guidelines.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download external font assets from the internet if they are not available locally, which introduces a dependency on unspecified and untrusted sources.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting user-provided conceptual inputs to guide art creation.
- Ingestion points: User input defining the "subtle conceptual thread" in SKILL.md.
- Boundary markers: Absent; no delimiters are used to separate user data from instructions.
- Capability inventory: File generation (.pdf, .png) likely requiring code execution capabilities.
- Sanitization: Absent; the skill does not specify any validation for processed inputs.
Audit Metadata