Trust Assessment
canvas-design received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unrestricted External Font Downloads.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unrestricted External Font Downloads: The skill explicitly instructs the LLM to 'Download and use whatever fonts are needed to make this a reality.' This instruction allows the LLM to fetch arbitrary external resources (fonts) without specifying trusted sources, validation mechanisms, or sandboxing. This poses a significant supply chain risk, as it could lead to the download and use of malicious fonts, fonts with embedded exploits, or fonts from untrusted repositories, potentially compromising the execution environment or leading to copyright infringement. Remediation: Restrict font acquisition to a curated list of trusted, pre-approved fonts or font repositories. Implement strict validation (e.g., checksums, format checks) for any downloaded fonts. Ensure the environment where fonts are processed is heavily sandboxed to mitigate risks from malicious font files. | LLM | SKILL.md:107 |