canva
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill processes data from an external API (Canva) that could contain malicious instructions intended to manipulate the agent.
- Ingestion points:
scripts/canva.shretrieves design titles, template metadata, and status messages through itsdesigns,get, andtemplatescommands. - Boundary markers: Absent; external content is returned directly into the agent context without delimiters or warnings to ignore embedded instructions.
- Capability inventory: The skill possesses capabilities for network writes and file uploads via
scripts/canva.sh(upload,autofill,export). - Sanitization: No validation or sanitization is performed on the data retrieved from the Canva API.
- [DATA_EXFILTRATION]: The
uploadcommand inscripts/canva.shcan be used to transmit any local file to Canva's servers. While this is an intended feature for asset management, it provides a direct mechanism for the exfiltration of sensitive local data (such as configuration files or credentials) if the agent is manipulated via prompt injection.
Audit Metadata