ckan-mcp
Warn
Audited by Snyk on Mar 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill actively fetches and ingests metadata and resource files from public CKAN instances and data.europa.eu (e.g., via ckan_package_show, ckan_list_resources, ckan_datastore_search and DuckDB reads of CSV/JSON/Parquet URLs), and that untrusted, user-generated content is used to decide follow-up actions (extracting source_portal from resource URLs, choosing which portal/resource to query, and re-ranking/search logic) — creating a clear avenue for indirect prompt-injection.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata