canvas-lms

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external data from Canvas LMS API endpoints, creating a vulnerability surface for indirect prompt injection.
    • Ingestion points: API responses from endpoints like /api/v1/announcements and /api/v1/courses/{id}/discussion_topics.
    • Boundary markers: No delimiters or specific instructions are provided to the agent to differentiate between data and potentially malicious instructions embedded in the data.
    • Capability inventory: The skill uses curl for network requests and jq/python3 for data transformation and processing.
    • Sanitization: No explicit sanitization or validation of the content received from the API is described.
  • [COMMAND_EXECUTION]: The skill utilizes common shell utilities (curl, jq, python3) to interact with the Canvas LMS REST API and handle JSON responses.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:25 AM