canvas-design
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates a simulated user request in the "FINAL STEP" section ("The user ALREADY said 'It isn't perfect enough...'"). This is an adversarial pattern used to pre-emptively override the agent's assessment of completion and force it into a refinement loop.
- [PROMPT_INJECTION]: Aggressive and restrictive instructional framing is used throughout the skill (e.g., "non-negotiable," "CRITICAL," "VERY IMPORTANT") to steer agent behavior and override its standard creative or operational defaults.
- [PROMPT_INJECTION]: The skill processes user-supplied "subtle input" to generate design philosophies and visual artifacts (ingestion point: SKILL.md). Boundary markers are absent. Capability inventory includes creating .md, .pdf, and .png files (SKILL.md). Sanitization is absent. This creates a surface for indirect prompt injection where instructions embedded in user themes could influence file generation.
Audit Metadata