Trust Assessment
canvas-design received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Unrestricted External Resource Download.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unrestricted External Resource Download The skill instructs the LLM to 'Download and use whatever fonts are needed to make this a reality.' without specifying trusted sources or validation mechanisms. This creates a significant supply chain risk, as the LLM could download malicious fonts, large files for a denial-of-service, or expose the system to untrusted external content. It also implies excessive network access permissions. Restrict font downloads to a curated list of trusted, pre-approved sources. Implement strict validation and sandboxing for any downloaded files. If possible, provide fonts locally rather than allowing arbitrary external downloads. | Static | SKILL.md:109 | |
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| MEDIUM | Filesystem Access Implied for Font Search The instruction 'Search the `./canvas-fonts` directory' implies that the LLM has direct access to the local filesystem to list or inspect directory contents. While the scope is limited to a specific directory, this capability, if exploited, could lead to data exfiltration (e.g., listing sensitive filenames) or unauthorized access if the LLM's underlying tools allow broader filesystem interaction. Avoid instructing the LLM to directly 'search' local directories. Instead, provide a pre-defined list of available fonts or integrate with a secure font management system that abstracts filesystem access. Ensure the LLM's execution environment strictly limits filesystem access to only necessary, sandboxed paths. | Static | SKILL.md:106 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
Scan History
Embed Code
[](https://skillshield.io/report/da26a163276064f1)
Powered by SkillShield