asset-canister

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and inspect content from asset canisters (e.g., the "Verify It Works" section uses icp canister call frontend http_request and list to retrieve pages from https://<canister-id>.ic0.app), which are public/user-uploaded assets and therefore untrusted third‑party content that the agent must read and can influence subsequent deploy/verification actions.