google-maps-list-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill programmatically scrapes public Google Maps data via the RapidAPI Maps Data API (maps-data.p.rapidapi.com) — shown in SKILL.md and src/client.ts — and explicitly requires running /icp-prompt-builder to have an AI evaluate sampled results, so untrusted third‑party (user/public) content is ingested and used to drive filtering and downstream actions.