canva
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto make web requests andjqto parse the resulting JSON data. These operations are standard, non-malicious, and necessary for communicating with the Canva API. - [EXTERNAL_DOWNLOADS]: Network operations are performed against
api.canva.com. As Canva is a well-known service, these references are documented neutrally and do not escalate the security risk. - [CREDENTIALS_UNSAFE]: The skill utilizes the
CANVA_TOKENenvironment variable for authentication, which is specified in thevm0_secretsfrontmatter. This follows the platform's secure design for credential injection rather than hardcoding sensitive information.
Audit Metadata