canva-automation
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation directs users to configure an external MCP server at https://rube.app/mcp. This server provides the necessary tool schemas and logic for interacting with the Canva API.
- [PROMPT_INJECTION]: The skill configuration presents a surface for indirect prompt injection from external data.
  - Ingestion points: The skill ingests untrusted data from Canva via CANVA_LIST_USER_DESIGNS and CANVA_ACCESS_USER_SPECIFIC_BRAND_TEMPLATES_LIST (located in SKILL.md).
  - Boundary markers: There are no markers or instructions in SKILL.md to delimit or ignore instructions within design titles or template placeholders.
  - Capability inventory: The skill possesses capabilities to perform network uploads (via CANVA_CREATE_ASSET_UPLOAD_JOB) and structural modifications to account folders and designs (documented in SKILL.md).
  - Sanitization: No sanitization or validation of data retrieved from external API calls is implemented or instructed.
Audit Metadata