mapbox-data-visualization-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and ingest external data sources at runtime (e.g., map.addSource(... data: 'https://example.com/states.geojson'), vector tiles 'https://example.com/tiles/{z}/{x}/{y}.mvt', fetch('https://api.example.com/live-data'), and a WebSocket 'wss://api.example.com/live'), so untrusted third‑party content would be read and can directly influence styling, popups, animations, and other agent-driven actions.