canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes 'context-forcing' instructions, such as claiming 'the user ALREADY said' certain things to override actual conversation history and force specific refinement behaviors.
- [EXTERNAL_DOWNLOADS]: The agent is directed to 'Download and use whatever fonts are needed,' which promotes the retrieval of assets from arbitrary, unverified third-party sources.
- [PROMPT_INJECTION]: The skill instructs the agent to weave conceptual references 'invisibly' into visual designs, creating a potential mechanism for stenographic instruction delivery.
- [NO_CODE]: No executable code or scripts are included in the skill package; the functionality relies entirely on natural language instructions provided to the agent.
Audit Metadata