mapbox-web-performance-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and AGENTS.md explicitly show fetching and ingesting external GeoJSON/tiles (e.g., fetch('/api/data'), fetch('/api/data?bbox=…'), and tiles: ['https://api.example.com/tiles/{z}/{x}/{y}.pbf']) and then directly using feature properties (setData(), addSource(), .setHTML(feature.properties.name)) to drive map behavior, which clearly ingests untrusted third‑party content that can materially influence actions.