canva-data-handling

Handles Canva Connect API data with a focus on PII protection and compliance with GDPR/CCPA regulations.

Install this skill

72/100

Security score

The canva-data-handling skill was audited on May 19, 2026 and we found 8 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 95

Template literal with variable interpolation in command context

SourceSKILL.md

95	this.urls.set(`${id}:${type}`, {

medium line 102

Template literal with variable interpolation in command context

SourceSKILL.md

102	const entry = this.urls.get(`${id}:${type}`);

medium line 177

Template literal with variable interpolation in command context

SourceSKILL.md

177	await cache.deletePattern(`canva:user:${userId}:*`);

medium line 42

Webhook reference - potential data exfiltration

SourceSKILL.md

42	\| Webhook payloads \| Incoming POST \| Mixed \| Verify signature first \|

medium line 119

Webhook reference - potential data exfiltration

SourceSKILL.md

119	\| Webhook events \| 30 days \| Processing/replay \|

low line 200

External URL reference

SourceSKILL.md

200	- [Canva Privacy Policy](https://www.canva.com/policies/privacy-policy/)

low line 201

External URL reference

SourceSKILL.md

201	- [GDPR Developer Guide](https://gdpr.eu/developers/)

low line 202

External URL reference

SourceSKILL.md

202	- [Canva API Reference](https://www.canva.dev/docs/connect/api-reference/)

Scanned on May 19, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categorymarketing

UpdatedMay 20, 2026

claude-code api backend marketing-analyst canva marketing

jeremylongshore/claude-code-plugins-plus-skills