canvas
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface detected. The skill generates JSON containing user-provided text, URLs, and file references. While the skill itself does not execute code, the generated output could potentially be used to influence downstream agent actions if the agent re-interprets the rendered content.
- Ingestion points: the `text`, `file`, and `url` fields in the `nodes` array.
- Boundary markers: Output is encapsulated within fenced ```canvas markdown blocks.
- Capability inventory: The skill is strictly for data formatting; no subprocess, network, or file-write capabilities are present in the provided instructions.
- Sanitization: The instructions do not define sanitization or validation for user input before interpolation into the JSON structure.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references external documentation via https://xicilion.gitbook.io/markdown-viewer-extension/ and https://jsoncanvas.org/spec/1.0/. These are informational links for syntax reference and do not involve automated script execution or package installation.
- [SAFE] (SAFE): No evidence of obfuscation, persistence, privilege escalation, or direct data exfiltration was found. The skill is entirely declarative.
Audit Metadata