canvas-accessibility-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources during the audit process.
  - Ingestion points: Untrusted HTML content is retrieved from Canvas pages and assignments via the `get_page_content` tool, and external report data is ingested via `fetch_ufixit_report`.
  - Boundary markers: The instructions do not define clear delimiters or "ignore embedded instructions" warnings when processing the retrieved HTML, which could allow malicious instructions embedded in a Canvas page to influence agent behavior.
  - Capability inventory: The agent has write access to course content via the `edit_page_content` tool and read access via `get_page_content` and `scan_course_content_accessibility`.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the external HTML content before the agent interprets it to suggest or apply accessibility fixes.
Audit Metadata