canvas-design
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes a "faked history" technique in the 'FINAL STEP' section, instructing the agent to act as if the user has already provided specific feedback ("The user ALREADY said 'It isn't perfect enough...'"). This is designed to override the agent's natural response logic and force an iterative "masterpiece" refinement stage regardless of actual interaction.
- [EXTERNAL_DOWNLOADS]: The instructions in the 'CANVAS CREATION' section prompt the agent to "Download and use whatever fonts are needed to make this a reality." This is an open-ended instruction to fetch external assets which may lead the agent to access untrusted third-party websites or download potentially malicious files if the agent's environment allows web access.
- [PROMPT_INJECTION]: The skill processes user-provided instructions to form a "design philosophy" without implementing boundary markers or sanitization. This creates an attack surface where instructions hidden in a design request could manipulate the agent's output or behavior, especially given the instruction that user input "should not constrain creative freedom."
Audit Metadata