The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill integrates with multiple external map tile providers and data sources to render maps.
Evidence: Downloads GeoJSON data from cdn.syncfusion.com and fetches map tiles from tile.openstreetmap.org, dev.virtualearth.net (Bing Maps), and api.tomtom.com.
Context: These are well-known technology services and official vendor repositories used for the primary functionality of the map control.
[DATA_EXFILTRATION]: The AI-driven location search implementation sends user-entered text to an external endpoint.
Evidence: In references/ai-location-search.md, the SfAutocomplete.Text value is passed to the GetResultsFromAI method, which sends a request to an Azure OpenAI endpoint (openai.azure.com).
Context: This is a functional requirement for the AI search feature and targets a well-known cloud service provider.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its AI-powered location search feature.
Ingestion points: User queries are captured via the SfAutocomplete control in references/ai-location-search.md and included in an LLM prompt.
Boundary markers: The implementation uses specific prompt instructions to guide the model (e.g., "retrieve minimum 5 to 6 entries", "The return format should be the following JSON format"), but lacks strictly enforced data delimiters.
Capability inventory: The AI response is parsed to populate CustomMarker objects which are displayed on the map. This involves setting coordinates and metadata but does not include executing code or writing to the file system.
Sanitization: The code includes coordinate validation in StringToDoubleConverter and range checks (Latitude < -90 || Latitude > 90) to ensure data integrity during parsing.

syncfusion-maui-maps