antv-g6-graph

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill documentation includes explicit runtime examples that fetch and ingest arbitrary external URLs (e.g., "远程数据加载" in references/core/g6-core-data-structure.md using fetch('https://api.example.com/graph-data') and the dynamic tooltip/node-detail fetch in references/core/g6-core-events.md), so the agent may read and act on untrusted third‑party content that can influence its behavior.