roadbook-csv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md shows it posts and retrieves data from public Cyeam endpoints (e.g., the CSV submit endpoint and the unauthenticated "https://www.cyeam.com/api/roadbook/get?id={id}" to fetch shared roadbook JSON), which are user-submitted/public resources that the agent is expected to read/interpret as part of generating or presenting routes, so untrusted third-party content could influence its actions.