data-viz

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and ingesting open/public third‑party content (e.g., references/geographic-maps.md uses urllib.request.urlopen(...) and pd.read_csv("https://raw.githubusercontent.com/...") to load GeoJSON/CSV), so the agent would read and act on untrusted web-hosted data that can materially influence visualization behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes HTML that loads and executes remote JavaScript at runtime (e.g., https://cdn.jsdelivr.net/npm/d3@7), which is a required dependency for the provided D3 examples and thus constitutes fetching and running external code at runtime.