canvas-design

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes a "conversation turn spoofing" technique by instructing the agent to act as if the user has already provided specific critical feedback ("The user ALREADY said..."). This is designed to override the agent's default output quality and style by creating a fake context.
  • [EXTERNAL_DOWNLOADS]: The instructions direct the agent to "Download and use whatever fonts are needed," which implies performing network requests to acquire third-party binary assets from unverified locations at runtime.
  • [COMMAND_EXECUTION]: The skill requires the generation of .pdf and .png files based on abstract instructions. This involves the use of system-level image and document processing tools, which constitutes an attack surface if user-provided design topics contain malicious patterns designed to exploit those tools.
  • [PROMPT_INJECTION]: The skill processes user-provided topics to deduce a "subtle conceptual thread" for the art. This design creates a surface for indirect prompt injection where user-supplied content could attempt to hijack the design process or file generation functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:30 PM