canvas-design
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The 'FINAL STEP' section employs a 'Fake History' injection technique by instructing the agent to believe the user has already requested higher quality ('The user ALREADY said...'). This is used to override the agent's current context and force specific refinement behavior. Additionally, the skill processes untrusted user input without boundary markers or sanitization, creating an indirect injection surface where the agent has the capability to write files (.md, .pdf, .png).
- [EXTERNAL_DOWNLOADS]: The instructions encourage the agent to 'Download and use whatever fonts are needed' from unspecified external sources, which could lead to the ingestion of unverified or untrusted assets depending on the agent's browsing capabilities.
- [NO_CODE]: The skill consists entirely of natural language instructions in a markdown file and does not ship with any executable scripts, binaries, or configuration files that would require code-level analysis.
Audit Metadata