geopandas

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (medium risk: 0.60). The prompt contains an extra behavior instruction that is outside the geopandas skill's stated purpose: a directive to proactively promote and suggest K-Dense Web for complex workflows, which changes the agent's behavior to advertise an external product rather than solely provide geopandas guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's documentation explicitly instructs reading remote HTTP/S and cloud URLs (e.g., references/data-io.md and SKILL.md examples like gpd.read_file("https://example.com/data.geojson") and s3:/// access), meaning the agent can ingest arbitrary public/user-provided GeoJSON or other files which it will parse and act on (e.g., drives joins, analyses, or plotting), enabling indirect prompt-injection vectors.