canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to search and read font-related files from the local directory path ./canvas-fonts to incorporate specific typography into visual designs.
- [EXTERNAL_DOWNLOADS]: Instructions in SKILL.md direct the agent to download and use external fonts if required for artistic expression. No specific or untrusted URLs are hardcoded; the capability is intended for functional design purposes.
- [PROMPT_INJECTION]: The skill uses simulated conversation history (e.g., 'The user ALREADY said...') as a prompt engineering technique to force the model into a refinement state and enforce high craftsmanship standards.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted user input to derive the 'soul' or 'conceptual DNA' of the artwork. Evidence Chain:
  - Ingestion points: User input referenced in the 'DESIGN PHILOSOPHY CREATION' and 'DEDUCING THE SUBTLE REFERENCE' sections of SKILL.md.
  - Boundary markers: Absent; there are no clear delimiters or instructions to ignore embedded commands within the user-provided topic.
  - Capability inventory: Reading local files (./canvas-fonts), writing multiple file types (.md, .pdf, .png), and potential network operations for downloading fonts.
  - Sanitization: Absent; no validation or escaping of the user-provided reference is performed before it influences the model's creative and code-based output.
Audit Metadata