kepano-json-canvas
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill involves reading and parsing .canvas files which can contain untrusted data in text and label fields.
- Ingestion points: Untrusted data enters the agent context through the text field in nodes and label fields in groups and edges within the JSON structure defined in SKILL.md and EXAMPLES.md.
- Boundary markers: The skill does not provide instructions for using delimiters or boundary markers to distinguish between data and instructions.
- Capability inventory: The skill includes capabilities to read, parse, and update file contents.
- Sanitization: There is no evidence of instructions for sanitizing or escaping the content of canvas nodes to prevent embedded prompt injection attacks.
- [DATA_EXFILTRATION]: The skill specification includes 'File Nodes' that use a 'file' attribute to point to system files. While intended for local project assets, this creates a surface for potential data exposure if an agent is tricked into reading sensitive system files (e.g., configurations or keys) referenced in a malicious canvas file.
Audit Metadata