chart-visualization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime script (scripts/generate.js) POSTs payloads to an external public API (default https://antv-studio.alipay.com/api/gpt-vis) and directly consumes/prints response.content.text for map charts, meaning it fetches and ingests untrusted third‑party content that the agent reads and could influence subsequent actions.