canva-presentation-time-fitting
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill requires cloning the design using Canva:resize-design before any modifications, ensuring the original user content is preserved.
- [SAFE]: The operational scope is strictly confined to creating or updating presenter notes. The instructions explicitly forbid calling tools like replace_text or find_and_replace_text that would modify visible slide content.
- [PROMPT_INJECTION]: The skill processes untrusted data from existing slides to generate new content. Ingestion points: Slide content is read via Canva:get-design-content in SKILL.md. Boundary markers: None identified to separate slide content from instructions. Capability inventory: The skill has the ability to write to the design via Canva:perform-editing-operations and Canva:commit-editing-transaction in SKILL.md. Sanitization: No sanitization or validation of the ingested slide text is performed. While this creates a surface for indirect prompt injection, the risk is minimal as the output is restricted to speaker notes on a cloned design.
Audit Metadata