canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill employs simulated dialogue history in the "FINAL STEP" section (e.g., "The user ALREADY said 'It isn't perfect enough...' ") to force the agent into a specific iterative refinement state, bypassing the natural conversational flow.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its handling of untrusted user thematic input without sufficient safeguards. 1. Ingestion points: User themes and conceptual threads are processed in the "DESIGN PHILOSOPHY CREATION" and "DEDUCING THE SUBTLE REFERENCE" sections. 2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present when processing user thematic data. 3. Capability inventory: The agent is tasked with generating and refining code to produce .md, .pdf, and .png artifacts. 4. Sanitization: No input validation or filtering logic is specified for the user-supplied conceptual thread.
- [NO_CODE]: The skill package does not contain any executable scripts or configuration files, consisting exclusively of markdown instructions and license documentation for fonts.
Audit Metadata