canvas-discussion-facilitator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads user-generated Canvas discussion content via MCP tools like list_discussion_entries and get_discussion_entry_details (see Steps 3–5 and the Educator/Student Use Cases in SKILL.md) and then uses that content to draft and send replies or take actions, so untrusted discussion posts could inject instructions that influence the agent's behavior.