mcp-brasil-public-apis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and ingests data from 28 open Brazilian public APIs (e.g., Portal da Transparência, DataJud, dados.gov.br) as shown in SKILL.md and the data/* client.py and tools examples, and meta-tools like planejar_consulta, executar_lote and the redator feature require the agent to read and act on that live third‑party API content, so those external responses could materially influence agent decisions or tool use.