carto-basics

Warn

Audited by Snyk on May 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly says the MCP path "renders maps inline, exposes data discovery and saved-Builder-map preview tools, and dynamically registers the user's saved CARTO Workflows as MCP tools when available" and supports opening saved Builder maps by URL/ID/name (references to load_builder_map and list_maps), which means the agent will fetch and register user-generated content from external CARTO accounts that can influence available tools and subsequent actions.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 15, 2026, 10:02 PM
Issues: 1
Security Audit — snyk — carto-basics