arcgis-popup-templates

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's documentation includes runtime examples that fetch and render external/untrusted data into popups—e.g., the "Async Content Function" that performs fetch(/api/details/${id}) and returns HTML, image sourceURL placeholders like "{image_url}" and a FeatureLayer example with an external service URL—so the agent would ingest and interpret third‑party/user-provided content to build popup content.