canvas-design
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill uses simulated user feedback ('The user ALREADY said "It isn't perfect enough..."') to override the agent's default completion behavior and force a specific quality state. This is a manipulative technique to bypass standard operational constraints. \n- [EXTERNAL_DOWNLOADS]: The instructions explicitly tell the agent to 'Download and use whatever fonts are needed,' which could lead the agent to fetch untrusted binary files from external sources. \n- [NO_CODE]: The skill package consists of Markdown and text files only. It ships no executable code, relying instead on the agent's internal tools to process design instructions. \n- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing user-provided conceptual 'references' used in a code-execution environment to generate visual assets. \n
- Ingestion points: SKILL.md defines a process for taking user input to create a 'deduced topic'. \n
- Boundary markers: Absent. \n
- Capability inventory: Requires a code interpreter to generate PNG/PDF canvas files. \n
- Sanitization: Absent.
Audit Metadata