mapbox-style-quality

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs fetching and validating GeoJSON from external APIs and user uploads (see "When adding GeoJSON data" and "Always validate when: Fetching GeoJSON from external APIs / Loading GeoJSON from user uploads"), so the agent is expected to ingest and act on untrusted third‑party content that can influence tool use and decisions.