arcgis-custom-rendering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows runtime fetching and processing of public third‑party URLs (esriRequest calls using urlTemplate such as https://tile.opentopomap.org/{z}/{x}/{y}.png and an explicit import of the LERC decoder from https://cdn.jsdelivr.net/...), meaning untrusted external data and even remote code are ingested/executed and directly used to drive rendering behavior, so external content could materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill directly imports and executes required remote JavaScript at runtime from https://cdn.jsdelivr.net/npm/lerc@4.0.4/+esm (LERC decoder) and also loads the ArcGIS runtime via https://js.arcgis.com/4.34/, so these URLs fetch and execute code the skill depends on.