canvas-component-definition
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an official JSON schema from the Drupal GitLab repository for validating component configuration and mock files.
- [COMMAND_EXECUTION]: Includes instructions to run schema validation using the ajv-cli utility via npx on the local environment.
- [DATA_EXFILTRATION]: Mentions reading the .env file to resolve the local path for the components root directory, which is a standard configuration practice in development environments.
- [PROMPT_INJECTION]: Ingests and processes workspace components and metadata, creating a surface for potential indirect prompt injection through untrusted data.
  - Ingestion points: Reads local index.jsx, component.yml, and mocks.json files from the project workspace.
  - Boundary markers: Absent; there are no specific instructions or delimiters used to ignore instructions embedded within the component files.
  - Capability inventory: The skill can create/modify local files and execute CLI-based validation tools.
  - Sanitization: No explicit sanitization or filtering logic is specified for the content of the ingested components.