badm350-canvas-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- Prompt Injection (HIGH): The skill exhibits a significant vulnerability to indirect prompt injection due to its ingestion of untrusted external content and its possession of write-privilege capabilities. Instructions embedded within course markdown files could manipulate the agent into performing unintended Canvas API actions.
  - Ingestion points: Local course files located in '/Users/vishal/teaching/badm350/modules/'.
  - Boundary markers: None. There are no delimiters or instructions to ignore commands within the data.
  - Capability inventory: Extensive API write access including 'mcp__canvas-api__create_page', 'create_module', and 'create_assignment'.
  - Sanitization: Absent. Content is passed directly to the 'body' and 'description' parameters of API tools.
- Data Exposure (MEDIUM): The skill hardcodes absolute local filesystem paths (e.g., '/Users/vishal/teaching/badm350/'), which reveal the internal directory structure and the specific username of the host system.
- External Downloads (LOW): The skill references external JavaScript and CSS assets from 'instructure-uploads.s3.amazonaws.com'. These are non-whitelisted external dependencies that could be leveraged for subversion if the remote assets are compromised.
Recommendations
- AI detected serious security threats