canvas
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill defines a 'file' node type that allows referencing external files via a 'file' attribute. This establishes a surface for data exposure where an agent might be coerced into reading or displaying sensitive local files (such as configuration files or credentials) if they are included in a diagram's definition. Found in SKILL.md and references/syntax.md.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of structured data that can contain untrusted natural language instructions.
- Ingestion points: User-provided content in the 'text' attribute of text nodes, and external content referenced via 'file' or 'url' attributes in file and link nodes (SKILL.md, references/syntax.md).
- Boundary markers: Absent. The skill provides no instructions to the agent to treat node content as data rather than instructions.
- Capability inventory: The agent's ability to read local filesystem paths and fetch external URLs as defined by the diagram schema.
- Sanitization: Absent. There are no guidelines for validating or escaping content within the JSON structure.
Audit Metadata