canva-classroom-helper

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data which is then used to influence downstream generation tools.
  • Ingestion points: The skill reads external lesson plans provided as text, Canva design IDs, or via Canva:start-editing-transaction and Canva:search-designs (SKILL.md).
  • Boundary markers: Analysis of the 'Lesson plan -> deck query format' section reveals a lack of explicit boundary markers or instructions to ignore embedded commands when interpolating the source content into the query parameter for Canva:generate-design.
  • Capability inventory: The skill has capabilities to read existing designs, search the user's Canva account, and generate new presentations.
  • Sanitization: There is no evidence of input validation or sanitization of the lesson plan content before it is passed to the generation tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 03:01 PM