json-canvas
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [EXTERNAL_DOWNLOADS]: References external documentation and specifications from well-known sources including jsoncanvas.org and official repositories for the JSON Canvas specification.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection as it involves processing untrusted .canvas files containing text and file paths.
  - Ingestion points: The agent reads and parses existing .canvas files as described in the workflows in SKILL.md.
  - Boundary markers: The instructions do not define delimiters or warnings to ignore embedded instructions in the JSON text.
  - Capability inventory: The skill contains no scripts or subprocess calls; it relies on the agent's native toolset for file manipulation.
  - Sanitization: No sanitization or validation of the markdown text or file path fields in the JSON objects is mentioned.