canvas-navigation-components
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructs the agent on how to build UI components using standard framework-level tools. It references internal skills for design decomposition and data fetching.
- [DATA_FETCHING]: Data fetching is performed using standardized methods (SWR and a JsonApiClient) to retrieve menu items and breadcrumbs from a Drupal CMS. These operations are scoped to the intended functionality of the navigation components.
- [INDIRECT_PROMPT_INJECTION]: The skill describes an attack surface where components ingest data from an external CMS (Drupal menus and page context). This is a standard architectural pattern for this ecosystem and the skill includes guidance on handling missing data or restricted access through fallback links and user prompts. No high-risk capabilities (like direct shell execution or arbitrary code evaluation) are associated with the processing of this data.
- [DEPENDENCIES]: All referenced skills and libraries (e.g.,
drupal-canvas) appear to be part of the internal development framework associated with the author.
Audit Metadata