canvas-populate
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several shell utilities including `curl`, `cp`, `find`, and `identify`. It also runs a local validation script `scripts/canvas_validate.py` on the resulting JSON files.
- [REMOTE_CODE_EXECUTION]: The skill uses a Python one-liner `python3 -c "from PIL import Image; img=Image.open('[path]'); ..."` to determine image dimensions. The `[path]` variable is interpolated directly into the Python command string. If `[path]` contains unsanitized characters like single quotes, an attacker could execute arbitrary Python code in the host environment.
- [EXTERNAL_DOWNLOADS]: The `add image` function uses `curl -sL` to download files from arbitrary URLs provided by the user or external sources. This lack of URL validation could lead to the download of malicious content or Server-Side Request Forgery (SSRF).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted external data (URLs and remote filenames) and incorporates them into execution paths.
  - Ingestion points: External URLs and local file paths in SKILL.md.
  - Boundary markers: None identified.
  - Capability inventory: Shell command execution (`curl`, `find`), Python execution, and file system write access in SKILL.md.
  - Sanitization: No evidence of escaping or validation for variables used in command interpolation.
Audit Metadata