canvas-design
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The 'FINAL STEP' section in SKILL.md fabricates user feedback by stating 'The user ALREADY said "It isn't perfect enough..."', which is a technique used to override the agent's standard behavior and force a specific high-effort persona.- [EXTERNAL_DOWNLOADS]: The skill explicitly instructs the agent to 'Download and use whatever fonts are needed', which encourages the agent to initiate external network requests to fetch unverified third-party resources if they are not found in the local directory.- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by interpreting untrusted user data into a 'Design Philosophy' that governs its subsequent file generation. Evidence: 1. Ingestion points: User instructions in the 'DESIGN PHILOSOPHY CREATION' and 'DEDUCING THE SUBTLE REFERENCE' sections. 2. Boundary markers: Absent. 3. Capability inventory: Generates .md, .pdf, and .png files via local tools. 4. Sanitization: Absent.
Audit Metadata