canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses high-pressure language and simulated user feedback to override default agent behavior and safety considerations. For example, it includes instructions stating 'The user ALREADY said: It isn't perfect enough...' and labels various creative constraints as 'CRITICAL' or 'NON-NEGOTIABLE' to enforce a specific 'master craftsman' persona.
- [EXTERNAL_DOWNLOADS]: The skill instructions encourage the agent to download and use fonts from external sources. The provided documentation in the 'canvas-fonts' directory references well-known and trusted repositories such as Google Fonts and Vercel Labs. Following the trust-scope rules, these references are documented neutrally and do not escalate the verdict.
- [INDIRECT_PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it incorporates untrusted user input into a process that involves generating files and executing code for canvas creation.
  - Ingestion points: The skill processes 'subtle input or instructions by the user' as defined in 'SKILL.md'.
  - Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings provided to isolate user-provided conceptual threads from the agent's generative logic.
  - Capability inventory: The agent is instructed to create '.md', '.pdf', and '.png' files and is specifically told to 'refine/polish' and 'go back to the code' during canvas creation, indicating a capability for tool-based code execution.
  - Sanitization: The skill instructions lack any mention of escaping, validating, or filtering user-provided content before it is interpolated into the design philosophy or used to guide artifact creation.
- [COMMAND_EXECUTION]: The 'Canvas Creation' and 'Final Step' sections in 'SKILL.md' instruct the agent to write and execute code to generate visual artifacts. While this is an intended functional capability, it serves as the execution vector for potentially malicious instructions ingested through user-provided references.
Audit Metadata