canvas-populate

Warn

Audited by Snyk on Apr 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches arbitrary HTTP(S) URLs in the "add image" flow (downloads with curl and derives filenames/slugs from the URL) and accepts arbitrary URLs in "add link" (which fetches Open Graph previews), so untrusted third‑party web content is ingested and can influence node IDs, sizing/positioning, and subsequent matching/behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 05:07 PM
Issues: 1