canvas-design
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: A comprehensive audit of the skill instructions and associated files revealed no malicious patterns, such as hardcoded credentials, privilege escalation, or unauthorized data exfiltration.
- [EXTERNAL_DOWNLOADS]: The skill includes instructions to download fonts necessary for its graphic design tasks. This is a standard functional requirement and does not involve downloading or executing untrusted code or scripts.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes user-provided conceptual cues to inform its artistic direction. Ingestion points: User-provided conceptual threads and subtle references in SKILL.md. Boundary markers: None present. Capability inventory: Creation and output of .md, .pdf, and .png files. Sanitization: None described. This surface is inherent to the skill's creative purpose and is considered safe given the non-executable nature of the output formats.
Audit Metadata