canva-performance-tuning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's main workflow (SKILL.md) instructs the agent to call the Canva Connect API (api.canva.com/rest/v1/*) and to read design metadata/items and job statuses (e.g., paginateDesigns, getDesignCached, batchExport, pollExport), which are third-party/user-generated content that the agent consumes and uses to decide actions like which designs to export or when to stop polling.