baidu-ai-map

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill makes runtime calls to Baidu's public API endpoints (e.g., https://api.map.baidu.com/agent_plan/v1/* such as /place, /direction, /geocoding, /weather), ingests those external responses as part of its workflow and uses the returned POI/address/route data to drive decisions and next actions, so third-party content from the open web can materially influence behavior.