cesiumjs-3d-tiles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs loading and ingesting 3rd-party tilesets via arbitrary URLs (e.g., Cesium3DTileset.fromUrl("https://example.com/tileset.json") and I3SDataProvider.fromUrl("https://tiles.arcgis.com/...") in SKILL.md) and then reads/interprets feature properties and metadata (getProperty, getPropertyInherited, declarative styles) that can materially affect rendering and behavior, so untrusted content could inject instructions indirectly.