json-canvas
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill's primary purpose is to guide the agent in formatting and validating JSON data according to the JSON Canvas specification. No malicious commands or patterns were found.
- [NO_CODE]: The skill consists entirely of descriptive Markdown files and JSON examples. It does not include any scripts, binaries, or automated execution steps.
- [PROMPT_INJECTION]: The skill documentation includes workflows that require reading and parsing existing .canvas files, which presents a surface for indirect prompt injection.
  1. Ingestion points: Workflows in SKILL.md for editing or adding to existing canvases involve reading external files.
  2. Boundary markers: The instructions do not specify any delimiters or warnings to ignore content within node fields during processing.
  3. Capability inventory: The agent is instructed to read and write .canvas files (JSON format) as described in SKILL.md.
  4. Sanitization: A validation checklist is provided in SKILL.md, but it focuses on JSON schema structure and ID integrity rather than content filtering.
- [DATA_EXFILTRATION]: The skill handles file paths and URLs as defined by the JSON Canvas spec. These are used for internal file referencing and external links within a canvas, which are standard features of the format.