canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill employs a technique known as 'pre-emptive feedback' by instructing the agent to act as if the user has already requested higher quality ('The user ALREADY said: It isn't perfect enough...'). This pattern is used to override standard behavior thresholds and force the model into a specific state.
- [EXTERNAL_DOWNLOADS]: The instructions explicitly tell the agent to 'Download and use whatever fonts are needed to make this a reality.' This encourages the fetching of external assets from arbitrary remote sources without providing a list of trusted domains or verifying the integrity of the downloaded files.
- [PROMPT_INJECTION]: The skill uses 'CRITICAL' and 'IMPORTANT' markers to enforce stylistic choices and 'expert craftsmanship' (e.g., 'Emphasize craftsmanship REPEATEDLY'). While used here for quality control, this mimics the structure of prompt injection attacks used to override safety guidelines.
- [EXTERNAL_DOWNLOADS]: The skill references a local directory
./canvas-fontsfor fonts, but the secondary instruction to download others introduces a network dependency that could be exploited if the agent has internet access and follows user-supplied URLs for 'themes' that imply specific font needs.
Audit Metadata