Skills
skills/canva-sdks/canva-claude-skills/canva-implement-feedback/Gen Agent Trust Hub

canva-implement-feedback

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data in the form of Canva reviewer comments which could be used for indirect prompt injection.
  • Ingestion points: Comment content is ingested via Canva:list-comments and Canva:list-replies during Step 2 of the workflow as described in SKILL.md.
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard system-level instructions that might be embedded within the text of the comments.
  • Capability inventory: The skill has the capability to modify design elements via Canva:perform-editing-operations and post responses via Canva:reply-to-comment based on the interpreted feedback.
  • Sanitization: No sanitization or validation of the comment text is performed before the agent interprets and acts upon the feedback.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 10:26 AM