carto-create-builder-maps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly ingests arbitrary external URLs (e.g., "Do silently, don't ask" — run carto imports create --file <path> or --url <url>) and supports external basemap styles (customBaseMaps.customStyle.url), and the agent then silently inspects those imported tables via carto connections describe / carto sql query to make cartographic and agent-configuration decisions, so untrusted third‑party content can be read and materially influence tool use and next actions.