arcgis-layers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md includes multiple examples that load and ingest external public URLs (e.g., GeoJSONLayer from "https://earthquake.usgs.gov/...", CSVLayer "https://example.com/data.csv", FeatureLayer/ParquetLayer/WebTileLayer from arbitrary URLs) and the skill's workflows (queryFeatures, popupTemplate, layer loading and queries) explicitly read and act on that data, meaning untrusted third‑party content can be consumed and influence agent behavior.