canvas-design
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses a 'fake history' technique in the 'FINAL STEP' section, stating 'The user ALREADY said...', which is a method to override current agent state and force a specific refinement behavior. It also uses authoritative language like 'non-negotiable' and 'STOP' to bypass standard reasoning.
- [EXTERNAL_DOWNLOADS]: The instructions explicitly command the agent to 'Download and use whatever fonts are needed', which promotes fetching unverifiable assets from the internet at runtime.
- [PROMPT_INJECTION]: The 'DEDUCING THE SUBTLE REFERENCE' section directs the agent to weave niche user concepts into the 'soul' of the art without any boundary markers or instructions to ignore embedded commands in that user-provided conceptual DNA.
Audit Metadata