canvas-design
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'FINAL STEP' section of the instructions uses a history injection pattern, stating 'The user ALREADY said...', which is designed to trick the model into believing a previous user request for perfection was made. This attempt to manipulate the model's internal state via fake dialogue history is a form of instruction override.
- [EXTERNAL_DOWNLOADS]: The skill instructions explicitly direct the agent to 'Download and use whatever fonts are needed'. This instruction encourages the agent to retrieve data from unverified external network locations, which is a potential vector for delivering malicious or unexpected content if the download source is not constrained.
- [COMMAND_EXECUTION]: The instructions require the agent to perform local file system operations, such as searching the './canvas-fonts' directory. Additionally, the text references calling internal functions and creating specific file types, indicating that the skill is designed to interact with tools that have file system access and execution capabilities.
Audit Metadata