canvas-accessibility-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses user-generated course HTML and reports (e.g., scan_course_content_accessibility, get_page_content(course_identifier, page_url), and fetch_ufixit_report(course_identifier) in SKILL.md), and it reads and acts on that untrusted content to decide and apply remediation actions, so third-party content could inject instructions that influence behavior.