canva

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and processes user-generated Canva content from the third-party Canva API (see SKILL.md and scripts/canva.sh which call GET /designs, GET /designs/{designId}, /brand-templates and export endpoints), and those returned design/template data and job responses are read by the agent and used to decide or trigger exports/other actions, so untrusted third-party content could influence behavior.