edit-canvas-app
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Command Execution Management: The skill uses the `Bash` tool to create directories derived from user input. To mitigate the risk of command injection, the instructions require the agent to transform the input into a kebab-case string, which acts as a functional security boundary.
- Indirect Prompt Injection Surface: The workflow ingests external `.pa.yaml` files via the `sync_canvas` tool (Phase 1). This data is then read during assessment (Phase 2) and editing (Phase 3a) without explicit boundary markers or content sanitization. This creates a potential surface for indirect instructions embedded in the application code to influence the agent's behavior, leveraging its capabilities such as file writing and task orchestration.
- Tool and Capability Inventory: The skill is granted capabilities including directory creation (`Bash`), file modification (`Edit`/`Write`), and the ability to spawn specialist sub-agents (`Task`). These tools are used together with vendor-provided MCP tools to manage the Power Apps lifecycle.