geomaster

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly fetch and ingest open/public third-party content (e.g., the STAC/Planetary Computer search in SKILL.md and references/data-sources.md, Sentinelsat/SciHub examples, Overpass API requests, and Google Earth Engine ImageCollection uses) and those results are read and acted on (search.get_items(), api.query(), requests.get(), .getInfo(), downloads), so untrusted web-hosted content can materially influence processing and subsequent actions.