canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill employs conversation hijacking in the 'FINAL STEP' section by asserting that the user has already provided specific feedback ("It isn't perfect enough"). This technique attempts to override the agent's perception of the current dialogue state to force an aggressive refinement loop.
- [PROMPT_INJECTION]: The 'DEDUCING THE SUBTLE REFERENCE' mechanism primes the agent to extract hidden meaning from untrusted user input (Ingestion Point) without boundary markers. Since the agent has the capability to generate files and execute code (Capability Inventory) to manifest these designs without sanitization or instructions to ignore embedded commands (Sanitization), this creates a significant indirect prompt injection surface.
- [EXTERNAL_DOWNLOADS]: Vague instructions to 'Download and use whatever fonts are needed' encourage the agent to fetch unverified third-party files if local resources are insufficient, posing a risk of processing malicious font file formats or accessing untrusted domains.
Audit Metadata