geopandas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's data-io.md explicitly instructs reading from open/public web sources (e.g., OpenStreetMap via osmnx, direct TIGER/Line URLs, WFS endpoints, and s3:// cloud paths) and the main decision trees route users to that reference for downloading boundaries, so the agent is expected to fetch and act on untrusted, user-provided web content as part of its workflow.