canvas-ai-tools

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The run_code tool allows the execution of Python, JavaScript, and TypeScript within the user's environment. Although the documentation specifies sandboxes such as Pyodide and iframes, the tool still runs code generated by the model, which is a significant functional surface.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection through its data-ingestion tools.
      ◦ Ingestion points: The initialContent field in open_canvas and the content field in update_canvas are the points where untrusted data enters the agent context.
      ◦ Boundary markers: The tool parameters carry no explicit delimiters and no instructions to ignore embedded commands.
      ◦ Capability inventory: The run_code tool provides a high-privilege execution path for any injected instructions.
      ◦ Sanitization: Zod validates the structure of the data, but the skill has no mechanism to sanitize or filter instructions that may be embedded within the textual content itself.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 09:32 PM