canva-known-pitfalls
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill consists entirely of educational content and code snippets aimed at improving integration quality and security for the Canva Connect API.
- [SAFE]: Pitfall #6 correctly identifies the security risk of exposing client secrets in browser-side code and advises server-side token exchange, which is a security best practice.
- [SAFE]: Pitfall #8 correctly advises developers to validate webhook signatures using JWK verification to prevent impersonation attacks.
Audit Metadata