canvas-info
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill retrieves and processes content from Canvas courses (pages, assignments, and discussions), which is considered untrusted data.
  1. Ingestion points: Data is ingested via the 'canvaslms modules/pages/assignments/discussions view' commands.
  2. Boundary markers: The skill does not define explicit delimiters or instructions for the agent to ignore embedded instructions in the fetched content.
  3. Capability inventory: The skill utilizes the 'canvaslms' CLI for data access.
  4. Sanitization: No sanitization of retrieved HTML or Markdown content is specified.

  This creates a potential surface for indirect prompt injection, but it is inherent to the research task and considered safe within this context.
- [Command Execution] (SAFE): The skill provides instructions for the agent to execute 'canvaslms' CLI commands. These commands are restricted to read-only operations and follow a legitimate research workflow.
- [Data Exposure] (SAFE): The skill accesses potentially sensitive information such as student grades and user enrollment lists. This access is the primary intended purpose of the skill for course management and research and occurs within the user's authorized environment.
Audit Metadata