canary-watch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to run /canary-watch against arbitrary deployed URLs (e.g., "/canary-watch https://myapp.com" and compare staging/production), meaning the agent fetches and parses public/untrusted web pages (console errors, network requests, DOM content, performance metrics) and uses those results to drive alerts and hook actions.