canvas-design
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: Behavioral manipulation through hallucinated user feedback. The 'Final Step' in the skill instructions asserts that the user has already requested a 'masterpiece' and expressed dissatisfaction, which is a technique used to override the agent's default behavior and trigger a high-effort refinement cycle.
- [EXTERNAL_DOWNLOADS]: Unrestricted acquisition of external resources. The skill explicitly instructs the agent to 'Download and use whatever fonts are needed' without providing a list of trusted sources or domains, encouraging interaction with untrusted external providers.
- [COMMAND_EXECUTION]: Filesystem discovery. The instructions direct the agent to 'Search the ./canvas-fonts directory,' which requires the execution of shell commands or filesystem APIs to list and inspect local files.
- [PROMPT_INJECTION]: Indirect prompt injection attack surface.
  - Ingestion points: The skill processes 'subtle inputs' and 'niche references' from the user to determine the 'soul' of the artwork.
  - Boundary markers: No delimiters or 'ignore' instructions are used to separate user-provided concepts from the agent's system instructions.
  - Capability inventory: The skill uses tools to create PDF and PNG files and perform filesystem operations.
  - Sanitization: There is no logic to sanitize or validate the user-provided conceptual input before it influences the agent's generation process.
- [NO_CODE]: The skill package does not include executable scripts or code files, consisting entirely of instructions, metadata, and license documentation.