canvas-component-utils
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill documents a 'FormattedText' component that renders HTML content from external props, creating a surface for potential injection or XSS. 1. Ingestion points: 'text' prop in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: HTML rendering. 4. Sanitization: Absent in documentation.
- [External Downloads] (LOW): The skill references an external Node.js package 'drupal-canvas' which is not on the trusted source list. However, no active installation or execution scripts are provided.
Audit Metadata