create-ixmap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill repeatedly instructs the agent to fetch and ingest public third‑party content (e.g., .data({ url: "https://..."}), fetch(...) examples, and loading third‑party scripts from CDNs such as https://cdn.jsdelivr.net/gh/gjrichter/ixmaps-flat@master/ and raw.githubusercontent.com) as an integral part of its workflow, so untrusted web content and scripts can be read/executed and materially influence map behavior and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill loads and executes remote JavaScript at runtime (a required dependency) such as https://cdn.jsdelivr.net/gh/gjrichter/ixmaps-flat@master/ixmaps.js (and companion CDN scripts like d3 and the usercharts on cdn.jsdelivr.net), so these URLs fetch and run external code the skill depends on.