canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs simulated historical context and coercive language to override standard agent operational behavior. Specifically, it instructs the agent that the user has already provided specific feedback (e.g., "The user ALREADY said 'It isn't perfect enough...'") to force a specific high-effort stylistic output.
- [PROMPT_INJECTION]: The skill defines a multi-stage process where untrusted user input is transformed into a "Design Philosophy" that subsequently acts as the primary instruction set for visual generation, creating a surface for indirect prompt injection.
- Ingestion points: User-provided subtle input or instructions used in the "Design Philosophy Creation" step as defined in
SKILL.md. - Boundary markers: Absent. The skill does not implement delimiters or safety instructions to separate the user-provided theme from the agent's core instructions.
- Capability inventory: The skill generates and writes multiple file types (.md, .pdf, .png) to the filesystem.
- Sanitization: Absent. No input validation or filtering is performed on user creative inputs before they are incorporated into the instruction generation logic.
Audit Metadata