canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The 'FINAL STEP' section in
SKILL.mduses a simulated user quote ('It isn't perfect enough...') to programmatically force the agent into a refinement loop, which overrides the actual conversational state. - [EXTERNAL_DOWNLOADS]: The skill instructs the agent to 'Download and use whatever fonts are needed,' which encourages interaction with arbitrary remote sources without any domain whitelisting or security validation.
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection due to its processing of untrusted user-supplied 'conceptual threads.'
- Ingestion points: User-provided 'subtle input' and niche references described in the
DEDUCING THE SUBTLE REFERENCEsection ofSKILL.md. - Boundary markers: Absent; there are no delimiters or instructions to treat the user input as non-executable data.
- Capability inventory: The skill is explicitly tasked with creating
.md,.pdf, and.pngfiles. - Sanitization: Absent; no validation or filtering of user-provided input is specified before it is integrated into the design process.
Audit Metadata