canvas-lms
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to fetch and read course content (courses, modules, pages, syllabus) from user-specified Canvas instances (CANVAS_BASE_URL, e.g. https://yourschool.instructure.com) via MCP or curl. That content is user- or third-party-generated, and the agent is expected to interpret and act on it, which creates an indirect prompt injection surface.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). I flagged https://deb.nodesource.com/setup_lts.x (used with curl -fsSL ... | sudo -E bash -) and the npx package invocation @imazhar101/mcp-canvas-server (run via npx in the "claude mcp add" command) because both are fetched and executed at setup/runtime and are required for the skill to function, so they directly execute remote code and therefore pose risk.
Audit Metadata