canvas-designer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web image ingestion via the search_canvas_images tool ("Search images from the internet and automatically download and add them to the canvas" in reference/image/image-search.md and SKILL.md), meaning the agent fetches and uses untrusted, user-generated/open-web content as inputs that can directly influence generation and subsequent actions.