json-canvas
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions involve parsing external JSON data from .canvas files, which creates a surface for indirect prompt injection through node content.
- Ingestion points: The workflows for editing and adding nodes read and parse the existing JSON data in .canvas files.
- Boundary markers: No specific delimiters or safety instructions are provided to isolate the Markdown text content within nodes.
- Capability inventory: The agent uses filesystem tools to read and write .canvas files based on user instructions.
- Sanitization: Validation is limited to JSON structural integrity and ID uniqueness; there is no content-level sanitization of text fields.
- [EXTERNAL_DOWNLOADS]: The 'Link Nodes' specification includes an external URL field, which could lead an agent to interact with untrusted remote resources.
- [DATA_EXFILTRATION]: The 'File Nodes' feature allows the creation of links to local system files, which could be exploited to expose sensitive file paths or metadata if the agent is not restricted to a specific directory.
- [NO_CODE]: This skill consists entirely of Markdown instructions and examples, containing no scripts, binaries, or other executable code.
Audit Metadata