docs-canvas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Gather the source material" step explicitly accepts "a single doc URL" and instructs the agent to collect headings, code blocks, and cross-references from that document, meaning it ingests and acts on content from arbitrary external webpages.