json-canvas
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as documentation for a data format and does not contain any executable code or scripts.
- [EXTERNAL_DOWNLOADS]: It references authoritative documentation from 'jsoncanvas.org' and the 'obsidianmd' GitHub organization, which are recognized and safe technical resources.
- [DATA_EXFILTRATION]: Although the format supports referencing local files (e.g., in 'file' nodes), there are no instructions for unauthorized reading or external transmission of sensitive data.
- [PROMPT_INJECTION]: The skill defines a surface for processing Markdown text. 1. Ingestion points: 'text' fields in node objects within .canvas files. 2. Boundary markers: The JSON object structure provides field-level separation. 3. Capability inventory: Ability to create and modify .canvas files on the local filesystem. 4. Sanitization: No specific sanitization or filtering of the Markdown content is defined in the specification.
Audit Metadata