canva-prod-checklist
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices for production deployments, including explicit instructions to use secret managers for credentials and to avoid logging sensitive tokens.
- [COMMAND_EXECUTION]: The skill includes a verification script that uses
curlto interact with official Canva API endpoints (api.canva.com). These operations are consistent with the skill's stated purpose and target well-known, legitimate services. - [DATA_EXFILTRATION]: While the skill performs network requests, they are directed to the official Canva API. No unauthorized data exfiltration or suspicious network patterns were identified.
Audit Metadata