canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill provides structured instructions for a creative workflow involving the generation of markdown, PDF, and PNG files based on a 'design philosophy'.
- [NO_CODE]: The skill package does not contain any executable code, scripts, or binary files. It operates via natural language instructions and references to local font licensing files in the
./canvas-fontsdirectory. - [PROMPT_INJECTION]: The skill uses a prompting technique where it instructs the agent to assume specific user feedback has already been received ('The user ALREADY said "It isn't perfect enough..."'). This is a stylistic instruction intended to trigger a refinement cycle for quality purposes rather than a security bypass.
- [EXTERNAL_DOWNLOADS]: The instructions suggest the agent 'Download and use whatever fonts are needed'. While this describes an external asset acquisition, it is within the context of artistic document creation and does not point to specific malicious repositories or binary execution.
Audit Metadata