canvas-design

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses simulated user history (e.g., "The user ALREADY said...") to pre-emptively shift the agent into a refinement state. It also employs high-priority markers like "CRITICAL," "IMPORTANT," and "NON-NEGOTIABLE" to override standard behavior in favor of a specific artistic persona.
  • [EXTERNAL_DOWNLOADS]: Instructions include an open directive to "Download and use whatever fonts are needed." Without specific domain restrictions or trusted source lists provided in the prompt, this could lead to the retrieval of font files from untrusted external sources if the agent has internet access.
  • [COMMAND_EXECUTION]: To create the requested visual outputs, the skill requires the agent to generate and execute code at runtime (typically Python with image/PDF libraries), which creates a dynamic execution surface necessary for the skill's primary function.
  • [PROMPT_INJECTION]: The skill processes arbitrary user instructions to identify "subtle references" that influence the final art generation, creating a surface for indirect prompt injection.
      • Ingestion points: User request body and deduced conceptual threads used as "DNA" for the art.
      • Boundary markers: No specific delimiters or safety warnings are provided to prevent the agent from obeying instructions embedded in the user's conceptual input.
      • Capability inventory: Runtime code generation and execution for artifact creation (PDF/PNG).
      • Sanitization: No sanitization or validation of the user-provided "subtle input" is defined before it influences the generated output.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:06 AM