canvas-dev

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill defines an 'AI Architect' persona with detailed execution steps. It includes a trigger instruction directing the AI to work autonomously without intermediate reporting; however, this is a task-oriented instruction and does not attempt to bypass core safety filters or ignore the system prompt.
  • [DATA_EXPOSURE]: The skill operates on project paths provided by the user to analyze source code. There are no hardcoded credentials or patterns suggesting that sensitive information (like SSH keys or env files) is targeted for extraction or exfiltration to external domains.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates local code generation from whiteboard diagrams. It does not include commands to fetch or execute remote scripts from untrusted sources. Referenced external resources, such as the Obsidian official site, are well-known and safe.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection.
      1. Ingestion points: It reads project source code and Canvas JSON files as specified in 'references/prompts.md'.
      2. Boundary markers: The prompts lack explicit markers or instructions to ignore embedded commands within the analyzed files.
      3. Capability inventory: The skill is capable of generating and modifying project code based on its analysis.
      4. Sanitization: There is no evidence of sanitization or validation of the untrusted project content before it is processed by the AI.
    This is a known risk for AI tools that interpret user-provided codebases.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 05:55 AM