dashboard-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests third‑party content as part of its required workflow — e.g., the WorldMapChart loads geography topojson from the public CDN at https://cdn.jsdelivr.net/npm/world-atlas@2/countries-110m.json and the data integration/fetchData and fetchMetricData functions (references/data-api-integration.md and SKILL.md) call arbitrary external APIs via API_BASE_URL/axios, which the agent is expected to read and use to drive dashboard updates — exposing it to untrusted public content that can influence behavior.