canva-data-handling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill ingests user-generated Canva content and incoming webhook payloads from the Canva Connect API (e.g., GET /v1/designs, /v1/designs/{id}/comment_threads, /v1/exports and incoming POST webhooks), which are untrusted third-party data that the agent is expected to read/handle and could materially influence actions.