google-maps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to call Google Maps endpoints (e.g., maps_search_places, maps_place_details, maps_search_nearby, maps_explore_area as documented in references/tools-api.md and SKILL.md) to ingest public, user-generated content such as reviews and photo URLs and to read/interpret review text and external links as part of decision-making (Local SEO and recipe workflows), which exposes the agent to untrusted third-party content that can materially influence tool use and actions.