canvas
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The eval action executes arbitrary JavaScript inside the WebView of connected nodes (Mac, iOS, Android). This is a powerful capability that could be misused to run malicious scripts on the target devices.
- [DATA_EXFILTRATION]: The snapshot action captures images of the canvas state on connected nodes. This risks exposing sensitive or private data displayed on the screen.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  - Ingestion points: user-provided HTML files in the root directory and URLs passed to the present and navigate actions.
  - Boundary markers: none identified; instructions contained in ingested content are not delimited from the skill's own instructions.
  - Capability inventory: JavaScript execution (eval), screen capture (snapshot), and content rendering (present).
  - Sanitization: no evidence of HTML sanitization or script filtering before content is rendered.