canvas-code-execution
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates Python and JavaScript execution through browser-level sandboxes (Pyodide and iframes). It includes explicit security logic to block high-risk patterns such as eval(), exec(), and import() within the user-provided code.
- [EXTERNAL_DOWNLOADS]: Monaco Editor components are loaded via well-known and trusted content delivery networks including jsdelivr, unpkg, and cdnjs. These are standard resources for web applications and represent a safe configuration.
- [REMOTE_CODE_EXECUTION]: While the skill manages code execution, it enforces a strict security model using a 'Package Allowlist Only' approach and restricted iframe permissions (specifically omitting 'allow-same-origin') to prevent cross-origin access and environment escapes.