canvas-design
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The instructions in
SKILL.mdexplicitly direct the agent to "Download and use whatever fonts are needed to make this a reality." This encourages the fetching of arbitrary binary assets from unspecified external sources during execution, which could be exploited to deliver malicious payloads or initiate unauthorized network connections. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by interpolating user-provided "subtle input" and niche "conceptual threads" into its generation process without proper sanitization or delimiters.
- Ingestion points: User input and instructions used as a foundation for creating visual philosophies and conceptual frameworks as described in
SKILL.md. - Boundary markers: Absent; the skill does not utilize delimiters or specific instructions to ignore embedded commands within the processed user data.
- Capability inventory: The skill is capable of searching the local filesystem (
./canvas-fonts), creating and writing multiple file formats (.md, .pdf, .png), and performing network operations to fetch fonts. - Sanitization: No evidence of input validation, filtering, or escaping of user-provided content was found.
Audit Metadata