canvas-workbench
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @drupal-canvas/workbench package from standard Node.js registries if it is not already available in the project. This is a vendor-owned package consistent with the skill's purpose.
- [COMMAND_EXECUTION]: The skill executes the workbench tool and installation commands using standard package managers such as npm, pnpm, bun, or yarn. These commands are typical for local development environments.
- [SAFE]: No malicious patterns such as prompt injection, data exfiltration, or obfuscation were detected. The skill's behavior is transparent and matches its described functionality.
Audit Metadata