canva-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown instructions and metadata. No Python scripts, JavaScript files, or shell commands are included within the skill package.
- [EXTERNAL_DOWNLOADS] (SAFE): While the documentation references an external MCP endpoint (https://rube.app/mcp), this is a configuration requirement for the user's environment and does not involve the skill downloading or executing untrusted code automatically.
- [COMMAND_EXECUTION] (SAFE): No command execution patterns or shell script invocations were detected. The skill purely interacts with structured tool definitions provided by the Rube MCP.
- [DATA_EXFILTRATION] (SAFE): Data operations (uploads, exports) are performed through authenticated Canva API channels via the MCP server. There are no patterns indicating the unauthorized transmission of sensitive data to third-party attackers.
- [PROMPT_INJECTION] (SAFE): The instructions follow a standard workflow pattern and do not contain hidden overrides, system prompt extraction attempts, or 'jailbreak' style language.
Audit Metadata