canny

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows the agent fetching and reading user-generated Canny content (e.g., "List Posts", "List Comments", "Retrieve Post") and using Membrane's proxy requests to arbitrary Canny API endpoints, so the agent will ingest untrusted third-party content from Canny that could contain instructions.