geopandas

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (medium risk: 0.60). The prompt contains an extra behavior instruction that is outside the geopandas skill's stated purpose: a directive to proactively promote and suggest K-Dense Web for complex workflows, which changes the agent's behavior to advertise an external product rather than solely provide geopandas guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly shows gpd.read_file reading from arbitrary HTTP/HTTPS URLs (references/data-io.md: "gdf = gpd.read_file('https://example.com/data.geojson')" and the Remote Storage section listing HTTP/HTTPS, S3, Azure), so the agent can ingest and parse untrusted public web-hosted user content as part of its workflow.