workflow-canvas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill templates and examples explicitly fetch and process external, user-supplied web content (e.g., fetch_data(url) in templates/chain-workflow.py, scrape_websites(urls) in examples/group-example.md, and multiple fetch_*/fetch_dataset/fetch_from_source calls in templates/chord-pattern.py and templates/complex-workflow.py), so the agent workflows are clearly expected to ingest untrusted third-party content (APIs, arbitrary URLs, scraped sites) as part of execution.