canvas-design
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides natural language instructions for generating design philosophies and visual artifacts.
- [PROMPT_INJECTION]: While the skill uses strong directives such as 'CRITICAL' and 'IMPORTANT', these are used exclusively to enforce stylistic quality and output format constraints (e.g., .png, .pdf). There are no attempts to bypass safety filters, extract system prompts, or override core agent safety protocols.
- [REMOTE_CODE_EXECUTION]: The skill does not include any scripts, shell commands, or external package dependencies. It relies entirely on the agent's internal capabilities or existing tools for file generation.
- [DATA_EXFILTRATION]: There are no network calls, hardcoded credentials, or instructions to access sensitive local file paths (e.g., SSH keys or environment variables).
- [INDIRECT_PROMPT_INJECTION]: The skill processes user input to create a design philosophy. While this is an ingestion point for untrusted data, the output is restricted to static document formats (.md, .pdf, .png), which significantly limits the risk of downstream instruction execution.
Audit Metadata