canvas-design
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative markers and a state-manipulation technique by simulating prior user feedback ('The user ALREADY said...') to override the agent's default response flow and force a 'refinement' state.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to 'Download and use whatever fonts are needed' without providing specific trusted sources or domains, potentially leading to the acquisition of binary assets from untrusted third-party websites.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: User input provided during the philosophy creation phase in SKILL.md.
  - Boundary markers: Absent; user input is used as a foundation without delimiters or instructions to ignore embedded commands.
  - Capability inventory: File system write access (.md, .pdf, .png) and potential network access for font downloads.
  - Sanitization: Absent; the skill contains no logic to filter or validate user-supplied content.
Audit Metadata