canvas-design

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill uses a deceptive 'simulated history' technique ('The user ALREADY said...') to manipulate the agent into a specific high-pressure state, which can be used to override default behavioral constraints. Mitigation: Avoid simulating user feedback or history within the skill's core instructions.
  • [PROMPT_INJECTION]: Explicit instructions are provided to avoid looking 'AI-generated' and to mimic 'human-crafted' results, which steers the agent toward bypassing stylistic filters or AI behavioral detection. Mitigation: Define specific aesthetic and technical standards rather than instructing the agent to evade detection.
  • [EXTERNAL_DOWNLOADS]: The agent is commanded to 'Download and use whatever fonts are needed', which involves fetching arbitrary data from unverified external sources. Mitigation: Restrict downloads to a whitelist of trusted domains and verify file integrity.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes user-supplied input without sanitization. Ingestion points: User input used to deduce 'niche references' and influence design philosophy. Boundary markers: Absent. Capability inventory: Writing files to disk (.md, .pdf, .png). Sanitization: Absent. Mitigation: Use clear delimiters and instructions to ignore any embedded directives in processed data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 10:50 AM