canvas
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the "@membranehq/cli" for interacting with the Canvas API. This is a vendor-provided tool from the skill's author (membranedev) used for managing platform connections and authentication.
- [SAFE]: Authentication and secret management (API keys, tokens) are handled server-side by the Membrane platform. The skill correctly instructs the agent to create connections rather than asking for or storing credentials locally.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Data from external sources such as Canvas courses, assignments, and announcements enters the agent context via "membrane action run" or "membrane request" outputs. Boundary markers and sanitization are absent in the skill instructions, and the agent possesses capabilities to read and write Canvas data. This is documented as a primary feature of the integration rather than a malicious pattern.
Audit Metadata