local-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md instructs the agent to call third-party endpoints (e.g., https://stableenrich.dev/api/google-maps/place-details/full) to fetch user-generated reviews and full place details and to "compare ratings, reviews, and amenities" as part of workflows, so the agent will read and act on untrusted third-party content (Google Maps reviews) that could carry indirect instructions.