canvas-designer
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided 'design markers' and interpolates their 'name' or 'intent' directly into prompts for image and video generation tools.
  - Ingestion points: The marker name/intent is extracted from user messages or canvas annotations, as seen in reference/image/design-marker.md.
  - Boundary markers: The skill lacks explicit boundary markers or 'ignore' instructions when combining user-supplied marker text with the generation prompt.
  - Capability inventory: The skill uses generate_canvas_images, generate_canvas_videos, and run_sdk_snippet, which provide significant generative capabilities.
  - Sanitization: No sanitization or validation is applied to the marker intent before it is used to influence the agent's generative logic.