Trust Assessment
canvas-design received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 1 low severity. Key findings include Excessive Permissions: Unrestricted External Resource Download, Excessive Permissions: File System Read Access to Local Directory.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions: Unrestricted External Resource Download. The skill instructs the LLM to 'Download and use whatever fonts are needed to make this a reality.' This grants broad permission to download arbitrary files from external sources without specified restrictions or validation. An attacker could exploit this capability to cause the LLM to download malicious content, potentially leading to arbitrary code execution or data exfiltration if the LLM's execution environment is not sufficiently sandboxed or if downloaded files are not properly validated. Remediation: restrict external resource downloads to a curated list of trusted sources, implement strict content type and integrity validation for all downloaded files, or ensure downloads occur within a highly sandboxed and isolated environment that prevents execution of untrusted code. | LLM | SKILL.md:130 |
| LOW | Excessive Permissions: File System Read Access to Local Directory. The skill explicitly instructs the LLM to 'Search the `./canvas-fonts` directory.' This indicates the LLM has file system read access to a specific local directory. While the path is relative and specific, it confirms that the skill interacts with the file system, which could become a vulnerability if combined with other weaknesses (e.g., path traversal via user input), leading to unauthorized information disclosure beyond the intended scope. Remediation: ensure the LLM's execution environment strictly limits file system access to only the necessary directories and prevents any form of path traversal or arbitrary file access, even though the path is currently hardcoded within the skill definition. | LLM | SKILL.md:128 |