weather-hint-tw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow (SKILL.md step "跑腳本取得 JSON" and scripts/fetch_weather.py) fetches and ingests live data from public third‑party endpoints (get.geojs.io, api.open-meteo.com / geocoding-api.open-meteo.com, nominatim.openstreetmap.org, and a jsdelivr-hosted calendar) and the agent is expected to read and act on those returned fields to decide prompts and advice, so untrusted public content could influence behavior.