local-places

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly calls the public Google Places API (places.googleapis.com) — see SKILL.md and src/local_places/google_places.py — and ingests user-visible/place data (names, addresses, website URIs, hours) that the agent reads and uses to decide follow-up actions, so untrusted third‑party content could influence behavior.