datawrapper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow repeatedly fetches and reads live Datawrapper API responses (e.g., calls to https://api.datawrapper.de/v3/charts/ and https://api.datawrapper.de/plugin/basemaps shown in SKILL.md) and instructs the agent to interpret that returned metadata/basemap data (user-provided chart metadata, annotations, basemap key lists) to decide configuration and follow-up API actions, so untrusted third‑party content can materially influence behavior.