canvas-design
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes 'pre-empted feedback' instructions that claim the user has already provided specific input to force the agent into a particular refinement and perfectionist state.
  - Evidence: 'IMPORTANT: The user ALREADY said "It isn't perfect enough. It must be pristine..."' in SKILL.md.
- [EXTERNAL_DOWNLOADS]: The instructions encourage the agent to retrieve assets from the internet, which may lead to the use of untrusted or unverified font files.
  - Evidence: 'Download and use whatever fonts are needed to make this a reality.' in SKILL.md.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a vulnerability surface where user-provided 'subtle input' is used to deduce conceptual themes that drive the generation of art and philosophy.
  - Ingestion points: User instructions and 'subtle input' described in the 'DESIGN PHILOSOPHY CREATION' and 'DEDUCING THE SUBTLE REFERENCE' sections of SKILL.md.
  - Boundary markers: Absent; no clear delimiters or instructions to ignore embedded commands within user input are provided.
  - Capability inventory: File system writes (.pdf, .png, .md) and implied execution of drawing code/functions ('If the instinct is to call a new function...').
  - Sanitization: Absent; no validation or escaping of user-derived 'subtle references' is specified before they are processed.
Audit Metadata