goplaces

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill queries the public Google Places API (e.g., search, details, and notably --reviews) and ingests/display user-generated place data and reviews from the open web, which the agent would read and could carry maliciously embedded instructions.