canvas-design
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses simulated user feedback ("The user ALREADY said 'It isn't perfect enough...'") in SKILL.md to override the actual conversation history and force the agent into a specific refinement loop. \n- [PROMPT_INJECTION]: Includes behavioral overrides like "STOP and instead ask" to restrict the agent's reasoning process and prevent deviation from the intended design goal. \n- [EXTERNAL_DOWNLOADS]: Instructs the agent in SKILL.md to "Download and use whatever fonts are needed," promoting the runtime retrieval of unverified files from external sources. \n- [PROMPT_INJECTION]: Surface for Indirect Prompt Injection (Category 8): \n
- Ingestion points: Processes "subtle input or instructions by the user" to influence philosophy and canvas generation as described in SKILL.md. \n
- Boundary markers: Lacks explicit instructions or delimiters to isolate user-provided concepts from the core design instructions. \n
- Capability inventory: Ability to create and write files (.md, .pdf, .png) and generate or refine rendering code as instructed in SKILL.md. \n
- Sanitization: No validation or escaping of user-provided creative input is specified before it is integrated into the final output.
Audit Metadata