maps-geolocation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes example API key and access-token strings and shows them embedded directly in export commands and client-side code (e.g., mapboxgl.accessToken = "pk.eyJ1..."), which encourages the LLM to output secret values verbatim instead of keeping them only in environment/configuration, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md includes code that fetches and parses data from public third‑party services (Google Maps APIs, Mapbox, OpenStreetMap/Nominatim, OSRM, and public tile/GeoJSON endpoints) and explicitly uses those responses to determine coordinates, routes, markers, and geofence/decision logic, so untrusted external content can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes a runtime that fetches and executes remote JavaScript from the CDN (https://unpkg.com/leaflet@1.9/dist/leaflet.js), which the Leaflet-based interactive map examples rely on to run, so this external URL fetches and executes code at runtime.