canvas-design

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill employs context injection in the 'FINAL STEP' section of SKILL.md by instructing the agent to disregard the actual conversation state and act as if the user 'ALREADY' requested a masterpiece-level refinement, which overrides the model's natural interaction flow.
  • [EXTERNAL_DOWNLOADS]: In the 'CANVAS CREATION' section of SKILL.md, the agent is directed to 'Download and use whatever fonts are needed,' which encourages the fetching of unverified binary assets from arbitrary remote sources without integrity verification.
  • [COMMAND_EXECUTION]: The skill requires the agent to generate, execute, and iteratively 'refine' code to produce .pdf and .png files. This constitutes dynamic script generation and execution at runtime, with no human-in-the-loop validation of the generated code before it runs.
  • [PROMPT_INJECTION]: The skill has a vulnerable surface for indirect prompt injection in the 'DEDUCING THE SUBTLE REFERENCE' step; it ingests untrusted user input to derive a conceptual thread that dictates the agent's logic for philosophy creation and visual expression without implementing boundary markers, sanitization, or explicit instructions to ignore embedded commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 04:43 PM
Security Audit — agent-trust-hub — canvas-design