canva-automation

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the user to add an external MCP server endpoint https://rube.app/mcp to their configuration. This remote server provides the tool definitions and logic used by the agent to interact with Canva.
  • [REMOTE_CODE_EXECUTION]: By connecting to an external MCP server from an unknown vendor, the agent dynamically loads and relies on code/logic provided by a remote source, which could be modified to perform unauthorized actions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes user-controlled data from Canva without sanitization.
    • Ingestion points: Design titles retrieved via CANVA_LIST_USER_DESIGNS and brand template metadata from CANVA_ACCESS_USER_SPECIFIC_BRAND_TEMPLATES_LIST in SKILL.md.
    • Boundary markers: The skill does not define delimiters or instructions for the agent to ignore potentially malicious content within retrieved data fields.
    • Capability inventory: The skill has the ability to upload files from arbitrary URLs via CANVA_CREATE_ASSET_UPLOAD_JOB and export designs through CANVA_CREATE_CANVA_DESIGN_EXPORT_JOB, which could be exploited by an injection attack.
    • Sanitization: No input validation, escaping, or filtering of metadata retrieved from the Canva API is specified.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 06:58 AM