canary-watch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows the agent fetching and monitoring arbitrary deployed URLs (e.g., the "/canary-watch https://myapp.com" examples and the "What It Watches" section describing HTTP pages, console errors, static assets, and SSE streams), which ingests untrusted third-party web content that the skill interprets to decide alerts and next actions.