local-places

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill queries the public Google Places API (via the local proxy at places.googleapis.com/v1 / localhost proxy) and ingests/displayes place data (names, addresses, websiteUri, opening hours, ratings) from third-party/user-generated sources as part of its normal workflow, exposing the agent to untrusted content that could carry indirect prompt injection.