canvas-design

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill contains deceptive metadata, listing 'Anthropic' as the author in the SKILL.md frontmatter, which contradicts the provided developer context of 'zocomputer'. This can mislead the agent or user regarding the skill's origin and trust level.
  • [PROMPT_INJECTION]: The 'FINAL STEP' section employs a simulated history technique ('The user ALREADY said...') to override the agent's current context and force it into a specific refinement mode, bypassing standard operational logic.
  • [EXTERNAL_DOWNLOADS]: The instructions direct the agent to 'Download and use whatever fonts are needed,' which encourages the retrieval of external assets from unspecified and potentially untrusted sources without validation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes user-provided conceptual inputs to generate visual designs without proper sanitization or boundary markers.
      • Ingestion points: Processes subtle user inputs and conceptual references embedded in the design requests.
      • Boundary markers: Absent; there are no delimiters or instructions provided to the agent to distinguish between user data and instructions.
      • Capability inventory: File creation (.pdf, .png, .md) and network access for downloading fonts.
      • Sanitization: Absent; no filtering or escaping mechanisms are implemented to prevent malicious instructions within user input from being executed.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 02:08 PM