mapbox-data-visualization-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime examples and workflow explicitly load and ingest external GeoJSON/vector tiles and live feeds (e.g., map.addSource(..., data: 'https://example.com/states.geojson'), map.addSource(..., tiles: ['https://example.com/tiles/{z}/{x}/{y}.mvt']), and the real-time update code that fetches from 'https://api.example.com/live-data' and a WebSocket 'wss://api.example.com/live'), meaning untrusted third‑party content would be read and used to drive styling, UI popups, and behavior.