datagouv-apis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill’s SKILL.md explicitly instructs the agent to fetch and consume public data from data.gouv.fr endpoints (e.g., GET /datasets/, /posts/, /discussions/) and to fetch external machine_documentation_url OpenAPI specs for dataservices (SKILL.md “Dataservices” section), which are untrusted/public third‑party content that the agent must read and use to drive subsequent API calls.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The README explicitly tells agents to load the skill from the remote repository/raw URL (e.g. https://raw.githubusercontent.com/datagouv/datagouv-skills/main/SKILL.md and https://github.com/datagouv/datagouv-skills), which would be fetched at runtime and injected as model context/instructions, so this external content can directly control prompts.