jsapi-ui-kit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's components (PlaceAutocomplete, PlaceSearch, and PlaceDetail.setPlace) explicitly load and query public Baidu Maps endpoints (e.g., script src "https://api.map.baidu.com/api..." and CDN resources) and handle POI/suggestion results returned from those third-party services which are read and acted on (events like 'suggest'/'select' drive searches and routing), so untrusted external content can materially influence the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill loads remote JavaScript at runtime from CDN/API URLs (https://unpkg.com/@baidumap/jsapi-ui-kit/dist/jsapi-ui-kit.iife.js and https://api.map.baidu.com/api?v=1.0&type=webgl&ak=YOUR_AK), which are required dependencies and are fetched and executed in-browser as code, so they constitute runtime-executed external content.