canva-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill lists and browses user-generated Canva content (via CANVA_LIST_USER_DESIGNS and CANVA_ACCESS_USER_SPECIFIC_BRAND_TEMPLATES_LIST) and can fetch arbitrary external files via the CANVA_CREATE_ASSET_UPLOAD_JOB "url" parameter and download URLs from export jobs, so it clearly ingests untrusted third‑party content into its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires adding the MCP endpoint https://rube.app/mcp and explicitly directs calling RUBE_SEARCH_TOOLS at runtime to fetch current tool schemas, meaning remote content from that URL can change the agent's available tool instructions and thus directly control agent behavior.