docs-canvas
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides structural guidance for documentation rendering and does not contain malicious code or obfuscated content. It references local configuration files in ~/.cursor/skills-cursor/canvas/ which is standard for platform-specific skill integration.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface by ingesting data from markdown files and external URLs. Ingestion points: markdown files, doc URLs (SKILL.md). Boundary markers: Absent. Capability inventory: UI component rendering (cards, diagrams, tables, code blocks). Sanitization: Absent. The severity is low as the skill's actions are limited to UI presentation and lack capabilities for system modification or data exfiltration.
Audit Metadata