carto-arcgis-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses arbitrary ArcGIS Portal / AGOL content (e.g., via /sharing/rest/search and /sharing/rest/content/items//data?f=json and service URLs) during discover and migrate phases (see references/discover.md and app-routing-rubric.md), treats those user/third-party payloads (item data, widget configs, Arcade expressions, layer renderers) as input that drives routing, SQL translation, and tool actions, so untrusted third-party content can materially influence the agent's decisions and tool use.