canvas-peer-review-manager

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly calls get_peer_review_comments (and, downstream, analyze_peer_review_quality / identify_problematic_peer_reviews) to ingest student-written peer review text from Canvas. It then uses those untrusted, user-generated comments to flag reviews and to decide on and send reminders (e.g., send_peer_review_reminders / send_peer_review_followup_campaign), so third-party content can materially influence agent actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 01:19 PM