canvas-design
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses simulated user input in the 'FINAL STEP' section ('The user ALREADY said...') to override the agent's current state and force a specific refinement behavior.
- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to 'Download and use whatever fonts are needed', which constitutes a request to fetch external assets from unspecified and potentially untrusted remote sources.
- [COMMAND_EXECUTION]: The skill is instructed to interact with the local file system by searching the './canvas-fonts' directory and generating multiple file types (.md, .pdf, .png).
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing untrusted user data to derive 'subtle references' that influence the output.
  - Ingestion points: User input and conceptual threads processed in 'DESIGN PHILOSOPHY CREATION' and 'DEDUCING THE SUBTLE REFERENCE'.
  - Boundary markers: Absent; no delimiters are defined to separate user-provided concepts from system instructions.
  - Capability inventory: File system enumeration (searching ./canvas-fonts), file creation (.md, .pdf, .png), and potential network access for font downloads.
  - Sanitization: Absent; there is no mention of validating or filtering the 'subtle references' before they are incorporated into the generated art or philosophy.