map

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls public AMap REST APIs (see scripts/map_manager.py using https://restapi.amap.com/... and the SKILL.md configuration/invocation), ingesting untrusted third‑party POI and route text (including step "instruction" fields) that the agent parses and uses to format routes and drive behavior, so external content could indirectly inject instructions.