canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses a "Final Step" instruction that hallucinates a user request ("The user ALREADY said 'It isn't perfect enough...' ") to force the model into a specific behavioral state (refinement), which is a common technique for bypassing standard persona constraints.
- [EXTERNAL_DOWNLOADS]: The "Canvas Creation" section explicitly directs the agent to "Download and use whatever fonts are needed", encouraging the acquisition of assets from unverified and potentially untrusted remote sources at runtime.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied "subtle input" to derive artistic themes without boundary markers or sanitization, creating a surface for malicious instructions to influence the AI's file-writing capabilities. * Ingestion points: User input/instructions for theme deduction in SKILL.md. * Boundary markers: Absent. * Capability inventory: Writing .md, .pdf, and .png files via SKILL.md instructions. * Sanitization: No validation or filtering of the user-provided input is specified.
Audit Metadata