canvas-create
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/canvas_validate.pyto verify the structure and validity of newly created canvas files. This is a vendor-provided script and part of the skill's standard workflow. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. It accepts user-defined names and template parameters which are subsequently used to 'Replace ALL placeholder text' with 'real, relevant content'. An attacker could provide a canvas title containing instructions designed to manipulate the agent's behavior during this content generation phase.
- Ingestion points: User-provided canvas names and template-specific parameters.
- Boundary markers: None identified.
- Capability inventory: File creation, directory management, and use of an 'Edit tool' to modify node content.
- Sanitization: No sanitization or validation of user-provided titles is documented before they are used to generate content.
Audit Metadata