gis-mapping

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and uses public third-party content—e.g., OpenStreetMap tiles and Nominatim geocoding/OSRM routing responses and unpkg-hosted JS libraries referenced in SKILL.md, geocoding.md, and references/integration-guide.js—which are parsed/displayed and directly drive actions like map.setView, marker/route creation, and other logic, so untrusted remote content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill dynamically loads and executes third-party JavaScript at runtime from unpkg (e.g., https://unpkg.com/leaflet@1.9.4/dist/leaflet.js — also other unpkg URLs like leaflet.markercluster, leaflet.draw, @turf/turf, leaflet.heat, html2canvas, jspdf) which runs remote code and is required for the GISApplication initialization, so it meets the criteria for a runtime-executed external dependency.