canvas-design

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes a simulated user quote ("The user ALREADY said...") to override standard behavior and mandate a refinement process.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface.
    1. Ingestion points: User conceptual instructions for art creation mentioned in SKILL.md.
    2. Boundary markers: Absent; there are no delimiters or warnings to ignore embedded instructions.
    3. Capability inventory: Generates and writes .md, .pdf, and .png files to the system.
    4. Sanitization: None implemented for external user-supplied data.
  • [EXTERNAL_DOWNLOADS]: The skill instructions suggest downloading fonts from external GitHub repositories. While many are from trusted organizations like Google, IBM, and Vercel, others belong to individual developer accounts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 04:54 PM