arcgis-core-maps
Warn
Audited by Snyk on Feb 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly loads content from public sources — e.g., CDN script tags and arbitrary service URLs, esriRequest examples, and the "Loading WebMaps and WebScenes" portalItem usage in SKILL.md (portalItem id and TileLayer/ElevationLayer URLs) — so untrusted, user-hosted WebMap/WebScene layers and fetched JSON/binary data are ingested and used to configure views/navigation, which could allow third‑party content to influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill includes required runtime script imports that fetch and execute external JavaScript (e.g., https://js.arcgis.com/4.34/ and related CDN URLs like https://js.arcgis.com/calcite-components/3.3.3/calcite.esm.js and https://js.arcgis.com/4.34/map-components/), so remote code is executed at runtime from those URLs.