Skills
skills/dvdsgl/claude-canvas/canvas/Gen Agent Trust Hub

canvas

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): No malicious patterns such as prompt injection, obfuscation, or persistence mechanisms were detected in the skill definition.
  • [COMMAND_EXECUTION] (LOW): The skill facilitates the execution of local scripts using bun run and interacts with tmux for layout management. This is expected behavior for terminal UI components and does not pose a security risk.
  • [INDIRECT_PROMPT_INJECTION] (LOW): As a toolkit for displaying data, the skill ingests external information for rendering in TUIs (e.g., calendar slots, document text). This is a standard operational surface for UI-focused skills.
  • Ingestion points: The --config CLI parameter and parameters for the pickMeetingTime, editDocument, and bookFlight API functions.
  • Boundary markers: Not explicitly mentioned in the documentation; the system relies on the underlying code for input handling.
  • Capability inventory: Local process execution via bun and tmux, and inter-process communication via Unix sockets.
  • Sanitization: Not documented at this level of the API.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:44 PM