canva-classroom-helper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to read and ingest lesson content from user-provided Canva design links, design IDs, or search results (via Canva:start-editing-transaction and Canva:search-designs in the "Get the lesson plan source" step), which can be arbitrary user-generated/public Canva content and therefore could carry untrusted instructions that influence subsequent generation and tool calls.