canvas-component-definition
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill establishes a workflow where the agent ingests and processes untrusted external data (React source code and YAML metadata), creating a surface for indirect prompt injection.
- Ingestion points: `index.jsx`, `component.yml`.
- Boundary markers: Absent; no instructions are provided to the agent to ignore or delimit instructions found within the components being reviewed.
- Capability inventory: File system read/write access (create, modify, refactor, and review components).
- Sanitization: Absent; no validation or escaping of the component content is mentioned.
- [Data Exposure] (LOW): The instructions suggest checking `.env` files to resolve directory paths. While a common developer practice, directing an agent to access `.env` files is a risk factor as these files typically contain sensitive credentials. In this specific context of path configuration, the severity is maintained at LOW.
- [No Code] (SAFE): The skill consists entirely of markdown instructions and lacks any scripts, binary executables, or automated network operations.
Audit Metadata