canvas-layout
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating variables like [canvas_path] and [options] directly into the command string (
python3 scripts/canvas_layout.py [canvas_path] [algorithm] [options]). This presents a command injection risk if these variables contain shell metacharacters such as semicolons or pipes. Evidence: Workflow steps 4 and 6. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because the agent is directed to analyze untrusted canvas content to determine layout strategies for complex files. Evidence: 'For Complex Layouts (30+ Nodes)' section.
- Ingestion points: Target Obsidian canvas files and local reference markdown files (
../canvas/references/). - Boundary markers: Absent; the agent reads content without delimiters to separate data from instructions.
- Capability inventory: Execution of shell commands via
python3for file manipulation. - Sanitization: No input validation or sanitization is mentioned for the canvas data or command arguments.
Audit Metadata