canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses a 'context-faking' technique in the 'FINAL STEP' section of SKILL.md. It instructs the agent to behave as if the user has already provided specific feedback ('It isn't perfect enough...') to trigger a 'refinement' mode. This is a form of instruction manipulation used to override the agent's perception of the conversation state.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes user-provided inputs as the core conceptual basis for its outputs without security boundaries.
- Ingestion points: User input or instructions used as a 'foundation' and 'conceptual DNA' (SKILL.md).
- Boundary markers: Absent; there are no instructions to ignore commands potentially embedded in the user-provided themes.
- Capability inventory: The skill is capable of generating various files (.md, .pdf, .png), searching the filesystem (./canvas-fonts), and is instructed to download external font resources.
- Sanitization: No sanitization, validation, or source-checking for external resources or user input is defined.
Audit Metadata