webgpu-canvas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly fetches and ingests arbitrary external images via the loadTexture function (it calls fetch(url) and createImageBitmap on a provided URL), which clearly consumes untrusted third‑party content as part of its runtime workflow.