arcgis-editing-advanced

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill directly loads and queries external FeatureLayer/SubtypeGroupLayer URLs (e.g., https://services.arcgis.com/.../FeatureServer/0), uses layer.queryRelatedFeatures and queryAttachments, and displays feature attributes and attachments—thereby ingesting and rendering potentially untrusted, user-generated public content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill loads and executes remote JavaScript from the ArcGIS CDN at runtime via the script src "https://js.arcgis.com/4.34/" which is a required dependency that runs remote code in the agent environment.