canvas-design
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses a hallucinated history technique in `SKILL.md` by instructing the agent to act as if the user has already provided specific feedback ("The user ALREADY said 'It isn't perfect enough...'"). This technique is used to bypass the natural interaction flow and force the agent into a specific persona.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted user input to drive file generation.
  1. Ingestion points: User-provided design concepts and instructions referenced in `SKILL.md`.
  2. Boundary markers: Absent; no delimiters or instructions are used to distinguish user input from agent instructions.
  3. Capability inventory: Writing .md, .pdf, and .png files.
  4. Sanitization: Absent; no content filtering or validation is specified for user inputs.
- [EXTERNAL_DOWNLOADS]: `SKILL.md` contains an instruction to "Download and use whatever fonts are needed to make this a reality." This encourages the agent to fetch binary font files from external sources, particularly as the provided `./canvas-fonts` directory contains only license text files and not the fonts themselves.
Audit Metadata