canvas
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses well-known services like cdn.jsdelivr.net to import libraries such as Chart.js and Marked in Vanilla mode, which is considered a safe and standard practice.
- [SAFE]: Dynamic code generation and rendering of UI artifacts (App.jsx or index.html) is the primary intended function of the skill, providing a controlled environment for frontend development.
- [SAFE]: Communication between the browser UI and the agent is handled through window.canvasEmit and _log.jsonl, providing a clear and transparent audit trail of user interactions.
- [SAFE]: The MarkdownViewer component implements security best practices for external links by using target="_blank" and rel="noopener noreferrer" to prevent tab-nabbing and exposure of the opening window context.
Audit Metadata