canva-bulk-create

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md Step 1: "URL: fetch the resource and parse the response as tabular data") explicitly fetches arbitrary URLs and then uses that untrusted, third-party content to build autofill payloads, upload assets, and drive API calls (Steps 4–5), so external data can materially influence the agent's actions.