canvas-design
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill employs a 'faked history' technique to manipulate the agent's contextual state.
  - Evidence: The 'FINAL STEP' section includes instructions stating 'IMPORTANT: The user ALREADY said it isn't perfect enough...', which forces the agent to assume a specific prior interaction occurred to trigger refinement logic.
- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to fetch external font assets from untrusted remote sources.
  - Evidence: The skill explicitly tells the agent to 'Download and use whatever fonts are needed to make this a reality' without specifying trusted domains or verifying file integrity.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection by processing untrusted user data.
  - Ingestion points: User-supplied 'subtle input' and conceptual references are consumed in the 'DEDUCING THE SUBTLE REFERENCE' and 'DESIGN PHILOSOPHY' steps.
  - Boundary markers: There are no delimiters or markers used to distinguish user input from the skill's instructions.
  - Capability inventory: The agent can write files (.md, .pdf, .png), search the local './canvas-fonts' directory, and download external assets.
  - Sanitization: No input validation or escaping mechanisms are implemented for user-provided strings.
- [NO_CODE]: The skill package does not contain any executable code or scripts.
  - Evidence: The skill is composed of markdown instructions and license text files for various fonts.
Audit Metadata