canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill employs 'context stuffing' by instructing the agent to proceed as if the user had already rejected previous drafts and demanded a 'pristine masterpiece.' This is a prompt engineering technique designed to force higher quality and iterative refinement rather than a malicious attempt to bypass safety guidelines.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface as it takes user input to form the 'foundation' of a design philosophy. However, the instructions emphasize creative interpretation and visual expression, making it unlikely that malicious instructions in the input would lead to system-level compromise.
- [SAFE]: The skill includes legitimate license files for open-source fonts located in the
./canvas-fontsdirectory. No network-based exfiltration, remote code execution, or credential theft patterns were found.
Audit Metadata