canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill attempts to manipulate the agent's context by simulating user feedback. Evidence: In
SKILL.md, the 'FINAL STEP' section includes the instruction: 'IMPORTANT: The user ALREADY said "It isn't perfect enough. It must be pristine..."'. This is a prompt injection pattern used to railroad the agent into a specific refinement loop.\n- [PROMPT_INJECTION]: The skill defines a workflow for processing untrusted user input to influence output generation without implementing sanitization or boundary markers. Evidence: The 'DEDUCING THE SUBTLE REFERENCE' section describes deducing a conceptual DNA from user input to be used in art creation. Ingestion points: original user request. Boundary markers: None present. Capability inventory: generation of .pdf, .png, and .md files. Sanitization: No validation or 'ignore' instructions for external content.\n- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch resources from the internet without providing trusted sources. Evidence: InSKILL.md, the instruction 'Download and use whatever fonts are needed to make this a reality' directs the agent to fetch external assets from unspecified sources, potentially bypassing safe browsing or trusted vendor constraints.
Audit Metadata