cesiumjs-viewer-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the viewer fetching and ingesting open/public third‑party data (e.g., custom geocoder using fetch(https://api.example.com/search?q=${input}), IonResource.fromAssetId, OpenStreetMapImageryProvider https://tile.openstreetmap.org/, and CesiumTerrainProvider.fromUrl), and those responses are parsed into geocoder destinations/tilesets which the agent uses to drive navigation and rendering, so untrusted external content can directly influence actions.