canvas-design
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill employs a deceptive 'fake history' instruction ('The user ALREADY said...') to override the agent's normal task completion logic and force it into an iterative refinement phase.
- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to 'Download and use whatever fonts are needed,' which creates a vulnerability surface for the agent to fetch untrusted binary files from the public internet.
- [PROMPT_INJECTION]: The skill processes user-provided conceptual threads to deduce design soul without sanitization or boundary markers, creating an attack surface for indirect prompt injection.
  - Ingestion points: User-provided input for conceptual threads.
  - Boundary markers: Absent.
  - Capability inventory: PDF and PNG file generation.
  - Sanitization: None.
- [EXTERNAL_DOWNLOADS]: The font license files included in the skill's distribution reference well-known and trusted technology organizations including Google Fonts, Vercel, and Red Hat.
Audit Metadata