The Agent Skills Directory

[SAFE]: No malicious behavior detected. The skill's operations are limited to interacting with the Canvas API through a local MCP server, and it strictly follows a human-in-the-loop pattern for all data-modifying actions.
[NO_CODE]: The skill consists entirely of markdown instructions and does not include any executable scripts, binaries, or configuration files.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted student-generated content from Canvas discussions. 1. Ingestion points: Discussion posts and messages are retrieved via 'list_discussion_entries' and 'get_discussion_entry_details' tools as described in SKILL.md. 2. Boundary markers: Absent; the prompt does not specify delimiters to separate untrusted content from agent instructions. 3. Capability inventory: Write capabilities in SKILL.md include 'reply_to_discussion_entry', 'post_discussion_entry', 'create_discussion_topic', 'create_announcement', and 'send_conversation'. 4. Sanitization: Absent; no explicit sanitization or filtering of the retrieved content is mentioned. Mitigation: The risk is mitigated by the 'Confirm before sending' best practice for all write-access tools.

canvas-discussion-facilitator