plan-tour-route

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly instructs the agent to fetch and interpret open-web geocoding and POI data (e.g., Nominatim at https://nominatim.openstreetmap.org, the Overpass API at https://overpass-api.de, and WebSearch/travel blogs/tourism sites) which are untrusted, user-contributed third-party sources and whose results directly influence routing, POI selection, and follow-up actions.