atlas-obscura

Status: Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill scrapes Atlas Obscura (atlasobscura.com) via the atlas-obscura-api scraper (ao.mjs calls atlasObscura.search and placeFull) and ingests untrusted place descriptions, tags, and directions. That content is parsed and used to compute interest_score and to filter and sort results, so third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill auto-runs npm install on first run and then imports the atlas-obscura-api package, so it fetches and executes remote code from the npm registry (e.g. https://registry.npmjs.org/atlas-obscura-api/-/atlas-obscura-api-5.0.3.tgz). This runtime-fetched URL directly supplies executable code the skill depends on.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 11:12 AM
Issues: 2