canvas-design

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill employs simulated user dialogue ("The user ALREADY said...") to artificially constrain the agent's behavior and force a 'masterpiece' refinement loop, a technique that can be used to bypass or manipulate the current context.
  • [EXTERNAL_DOWNLOADS]: The instructions direct the agent to "Download and use whatever fonts are needed", which promotes fetching resources from unverified external domains without integrity checks.
  • [COMMAND_EXECUTION]: The skill requires the agent to generate and execute code to produce visual outputs ("Go back to the code and refine/polish further"), creating a risk if the generation logic is influenced by malicious user input.
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: User-provided niche references are processed to deduce the 'soul' of the artwork in SKILL.md.
      • Boundary markers: Absent; user-provided concepts are directly integrated into the creative and code-generation process.
      • Capability inventory: The agent is authorized to write files and execute code for canvas creation.
      • Sanitization: Absent; no verification or escaping is performed on the extracted user references before they influence the generation of art and code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 09:14 PM