create-ixmap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to load and use external, user-provided data and files (e.g., .data({ url: "..." }) and Data.provider()/fetch examples in SKILL.md and API_REFERENCE.md, public URLs like https://example.com/incidents.geojson and S3/jsDelivr/raw.githubusercontent.com links in examples, and README Method A which tells the assistant to "Please read and follow the ixmaps skill specifications" from a raw GitHub URL), so it will fetch and interpret untrusted third‑party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The repository README explicitly instructs operators to load runtime instructions from https://raw.githubusercontent.com/gjrichter/ixmaps-claude-skill/main/SKILL.md (paste this raw URL into chat to “read and follow” the skill), which would fetch remote content that directly controls the assistant's prompts/behavior—this meets the criteria for a high-confidence risky external dependency.