Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/canva-common-errors/Gen Agent Trust Hub

canva-common-errors

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill serves as a reference and diagnostic tool for the Canva Connect API. It uses official API endpoints (api.canva.com) and standard OAuth 2.0 implementation patterns. All identified external resources originate from well-known services.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process external data from Canva API responses.
  • Ingestion points: API response payloads from https://api.canva.com/rest/v1/* processed via curl and fetch snippets in SKILL.md.
  • Boundary markers: None present; the instructions do not specify delimiters for data ingested from the API.
  • Capability inventory: The skill utilizes Bash(curl:*) which allows for shell-based network operations.
  • Sanitization: No sanitization, validation, or filtering of the external API content is defined in the skill's instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 12:01 AM
Security Audit — agent-trust-hub — canva-common-errors