canva-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on an external MCP server endpoint (https://rube.app/mcp) to provide its core functionality. This endpoint is a community-sourced service and is not included in the trusted vendors list.
- [PROMPT_INJECTION]: The skill's architecture creates an attack surface for indirect prompt injection. * Ingestion points: The agent processes external data from Canva design titles/metadata via CANVA_LIST_USER_DESIGNS, file contents via CANVA_CREATE_ASSET_UPLOAD_JOB (using external URLs), and template placeholder data via CANVA_INITIATE_CANVA_DESIGN_AUTOFILL_JOB. * Boundary markers: The skill does not provide instructions to the agent to distinguish between its own logic and potentially malicious instructions embedded in ingested data. * Capability inventory: The skill has significant write permissions, including creating designs, uploading assets, and managing folder structures. * Sanitization: No data sanitization or validation mechanisms are described to mitigate risks from untrusted inputs.
Audit Metadata