canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The 'FINAL STEP' section uses a coercive technique by claiming 'The user ALREADY said' certain instructions, which is a method used to override the agent's current context and force it into an iterative refinement loop.
- [EXTERNAL_DOWNLOADS]: The instruction to 'Download and use whatever fonts are needed' promotes the retrieval of remote resources from arbitrary, unspecified, and unvalidated locations.
- [EXTERNAL_DOWNLOADS]: The skill references font resources from Vercel's official repository and other well-known font authors in the './canvas-fonts' directory.
- [PROMPT_INJECTION]: The skill design incorporates a user-provided 'subtle conceptual thread' as the core logic for its generation process, creating an indirect prompt injection surface.
  - Ingestion points: User-provided subtle references or niche topics ingested during the 'Deducing' phase.
  - Boundary markers: Absent; the skill directs the agent to weave this input 'invisibly' into the generated content.
  - Capability inventory: Creation of markdown, PDF, and PNG files, and execution of drawing functions or scripts.
  - Sanitization: No validation or sanitization of the user-provided concepts is specified.
- [COMMAND_EXECUTION]: The instructions explicitly mention calling functions and drawing shapes in 'code' to generate visual artifacts, indicating a reliance on dynamic code generation and execution to fulfill requests.
Audit Metadata