canva-branded-presentation
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection.
  - Ingestion points: The workflow in `SKILL.md` describes reading content from external Canva designs using `Canva:start-editing-transaction` and user-provided text.
  - Boundary markers: Absent. The `Presentation Query Format` section does not define delimiters (e.g., XML tags or triple quotes) or provide instructions to the model to ignore embedded commands within the ingested content.
  - Capability inventory: The skill can generate and create designs via `Canva:generate-design` and `Canva:create-design-from-candidate` based on the processed input.
  - Sanitization: Absent. The skill lacks instructions to escape or validate the content retrieved from external designs before interpolating it into the final tool query.
- [Data Exposure & Exfiltration] (SAFE): The skill accesses user brand kits and design metadata, but this is restricted to the integrated Canva toolset. No unauthorized network calls or credential exposures were detected.
- [Unverifiable Dependencies] (SAFE): No external code dependencies, package manifests (e.g., package.json, requirements.txt), or remote scripts are included in this skill.
Audit Metadata