skills/abgohel/canva-skill/canva/Gen Agent Trust Hub

canva

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The canva.sh and canva-auth.sh scripts construct API calls by interpolating variables into shell commands. This is expected behavior for a CLI-based skill, though it relies on the calling agent to ensure inputs are sanitized to prevent shell injection.
  • [CREDENTIALS_UNSAFE]: The skill stores sensitive OAuth access and refresh tokens in ~/.canva/tokens.json. Security is maintained by setting restrictive file permissions (0600) on the token file to protect these credentials on the local filesystem.
  • [EXTERNAL_DOWNLOADS]: Network operations are restricted to the official Canva API endpoints (api.canva.com). These are well-known services necessary for the skill's primary function and do not represent unauthorized data exfiltration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external content from the Canva API and user-defined design data.
    ◦ Ingestion points: CLI arguments in scripts/canva.sh and JSON responses from the Canva API.
    ◦ Boundary markers: None present in the instruction set.
    ◦ Capability inventory: Shell execution of curl and data parsing via jq.
    ◦ Sanitization: None; data is directly interpolated into command strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 24, 2026, 05:36 AM