tencentmap-jsapi-gl-skill

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation and demo files reference and download JavaScript libraries from Tencent's official domains, such as map.qq.com, mapapi.qq.com, and lbs.gtimg.com. This includes the core Map JS API, jQuery, and Three.js.
  • [EXTERNAL_DOWNLOADS]: Several demo files include a hardcoded public API key (OB4BZ-D4W3U-B7VVO-4PJWW-6TKDJ-WPB77) which is used by the vendor for public demonstrations and testing purposes.
  • [EXTERNAL_DOWNLOADS]: The skill templates and demos frequently access Tencent's WebService APIs (e.g., apis.map.qq.com) for location searching, route planning, and administrative division data.
  • [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection.
      1. Ingestion points: Data from apis.map.qq.com (e.g., item.title, item.address) is processed in references/jsapigl/demos/服务类库_关键字搜索.html and references/jsapigl/demos/服务类库_关键字输入提示.html.
      2. Boundary markers: Absent in the HTML template interpolation.
      3. Capability inventory: The code interacts with the TMap GL rendering engine; no execution of shell commands, direct file system writes, or sensitive file access is present across scripts.
      4. Sanitization: Absent in the demo snippets.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 11:38 AM