arcgis-scene-effects

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill loads user-provided WebScene content via the (and manipulates viewElement.map.layers/external layers), which can ingest arbitrary public/user-generated map layers and assets from ArcGIS Online or external URLs as part of the runtime workflow—exposing the agent to untrusted third-party content (also hinted by the "Screenshot CORS: External layers" note).