ckan-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not contain any malicious patterns, obfuscation, or persistence mechanisms.
- [COMMAND_EXECUTION]: The skill uses shell commands like `curl` and `duckdb` via Bash. These operations are strictly limited to fetching metadata from well-known open data APIs (such as data.europa.eu and dati.gov.it) and performing tabular data analysis on CSV, JSON, or Parquet resources. This is standard functionality for the skill's primary purpose.
- [REMOTE_CODE_EXECUTION]: Network operations are restricted to trusted domains and official government data catalogs. There is no evidence of downloading and executing arbitrary scripts from untrusted remote sources.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted metadata (titles, descriptions, notes) and dataset content from third-party portals. This presents a theoretical surface for indirect prompt injection. However, the skill includes a dedicated 'Security' section with mandatory instructions for the agent to treat this content as untrusted and disregard any instructions found within. This risk is inherent to the use-case and is appropriately mitigated.
- [DATA_EXPOSURE_AND_EXFILTRATION]: There is no access to sensitive local files, environment variables, or hardcoded credentials. Network requests are used solely for data discovery and retrieval from public registries.
Audit Metadata