photon-geocoder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill calls the public Photon API (e.g., fetch to https://photon.komoot.io/api shown in api-reference.md) and ingests/parses GeoJSON from OpenStreetMap (user-generated) as part of its normal workflow, so untrusted third-party content can influence subsequent interpretation and actions.