bmap-jsapi-three

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and required usage examples explicitly load and ingest open/public third‑party content (e.g., reference/3dtiles-loading.md examples with Default3DTiles.url and Default3DTilesGroup URLs, reference/datasource/*.md showing GeoJSONDataSource.fromURL, JSONDataSource.fromURL, CSVDataSource.fromURL, and imagery/tile providers/WMS/WMTS/XYZ), so the agent is expected to fetch and interpret untrusted web-hosted data that can materially influence behavior.