bmap-jsapi-gl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's references (e.g., references/xyz-layer.md and references/mvt-layer.md) include examples that load arbitrary third‑party URLs/tiles (tileUrlTemplate, WMS/WMTS/XYZ tiles) and the docs (e.g., references/custom-overlay.md and info-window.md) show rendering arbitrary HTML/POI detail URLs into overlays/info windows, which are untrusted public content the agent is expected to handle/interpret as part of its workflow.