designing-canvas-images
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the use of run_skills_snippet to execute Python code strings for all core operations. This dynamic execution model is inherently risky: its safety depends on the agent interpolating user-provided parameters, such as project paths and prompts, into code strings without introducing code injection vulnerabilities.
- [PROMPT_INJECTION]: Instructions within the skill use 'CRITICAL' directives to force the agent to load and prioritize this specific skill when certain patterns appear in user messages, which is an attempt to override the agent's default skill-selection logic.
- [COMMAND_EXECUTION]: The skill also presents an indirect prompt injection surface: it ingests untrusted data (design markers, prompts, and XML-formatted requirements) and uses it in high-capability tool calls that involve code execution and network access, without specifying boundary markers or sanitization logic for that data.
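The first finding above is the classic string-interpolation injection: a project path or prompt spliced into a Python source string can close the literal it lands in and continue as code. The following is an added example written for this page, not code from the audited skill or from Gen Agent Trust Hub. It contrasts a vulnerable snippet builder with one that passes the same values as JSON data, and includes a structural check that catches the injected form. The builder and executor names, and the use of exec as a stand-in for run_skills_snippet, are assumptions made for illustration.

```python
import ast
import json


def build_snippet_unsafe(project_path: str, prompt: str) -> str:
    # Vulnerable pattern (hypothetical builder): caller-controlled strings are
    # spliced straight into source text, so a quote in either value ends the
    # literal and whatever follows is parsed as code.
    return (
        "import os\n"
        f"project_path = '{project_path}'\n"
        f"prompt = '{prompt}'\n"
        "result = os.path.join(project_path, 'canvas.png'), prompt\n"
    )


def build_snippet_safe(project_path: str, prompt: str) -> str:
    # Hardened pattern (hypothetical builder): both values travel as one JSON
    # document embedded via repr(), so the interpreter sees a single string
    # literal that the snippet decodes back into data. json.dumps escapes
    # quotes, backslashes and control characters, and ensure_ascii (the
    # default) escapes non-ASCII, so no input character can close the literal.
    params = json.dumps({"project_path": project_path, "prompt": prompt})
    return (
        "import json, os\n"
        f"params = json.loads({params!r})\n"
        "project_path = params['project_path']\n"
        "prompt = params['prompt']\n"
        "result = os.path.join(project_path, 'canvas.png'), prompt\n"
    )


def statement_count(snippet: str) -> int:
    # Structural check: a correctly built snippet has exactly as many top-level
    # statements as its template, whatever the inputs. Injected code adds
    # statements, so a count that differs from the template's is a red flag
    # that should block execution.
    return len(ast.parse(snippet).body)


def execute_snippet(snippet: str) -> dict:
    # Stand-in for run_skills_snippet (assumption): run the code string in a
    # fresh namespace and return that namespace so the caller can inspect it.
    namespace: dict = {}
    exec(snippet, namespace)  # the dangerous primitive the audit is about
    return namespace


if __name__ == "__main__":
    # Constructed payload: closes the single-quoted literal, runs an extra
    # statement, then reopens a literal so the template line still parses.
    payload = "x'; injected = True; _ = '"
    unsafe_ns = execute_snippet(build_snippet_unsafe(payload, "render a logo"))
    print("unsafe: injected =", unsafe_ns.get("injected"))
    safe_ns = execute_snippet(build_snippet_safe(payload, "render a logo"))
    print("safe: injected =", safe_ns.get("injected"),
          "| project_path round-trips:", safe_ns["project_path"] == payload)
    print("statement counts (unsafe benign / unsafe payload / safe payload):",
          statement_count(build_snippet_unsafe("a", "b")),
          statement_count(build_snippet_unsafe(payload, "b")),
          statement_count(build_snippet_safe(payload, "b")))
```

The statement-count check is deliberately cheap: it does not try to understand the code, only to confirm the snippet still has the shape the template produced. Encoding parameters as data is what removes the injection; the AST check is a second line of defence for builders you do not control, and it would also flag a newline smuggled into a value that the unsafe builder turns into a new line of code.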
Audit Metadata