canvas-present
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts, specifically
scripts/canvas_template.pyandscripts/canvas_validate.py, to generate and verify Obsidian Canvas structures based on provided parameters. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when utilizing the
/canvas present from [notes]operation, which parses untrusted external content into the agent's context. - Ingestion points: Markdown notes and wiki pages read by the agent to extract slide content (H1/H2 headings, paragraphs, and lists).
- Boundary markers: No delimiters or instructions are provided to the agent to ignore potentially malicious instructions embedded within the source notes.
- Capability inventory: The skill has the ability to execute local subprocesses (Python scripts) and perform file system modifications using the Edit tool.
- Sanitization: There is no evidence of sanitization or validation of the extracted markdown content before it is processed and written to the canvas file.
Audit Metadata