Canvas
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill's primary operations—reading local source files, schemas, and API routes to generate visual diagrams—are performed within the project's local environment. It includes clear boundaries to avoid modifying existing code and does not exhibit patterns for network exfiltration, command execution, or obfuscation. While it processes project data that could theoretically contain indirect prompt injections (e.g., instructions hidden in code comments), the skill is instructed to prioritize source truth and maintain a limited scope. References to static analysis tools like pyan and PyCG are provided as informational resources and do not involve unauthorized software installation or execution.
Audit Metadata