ckan-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to query and ingest public third‑party sources (CKAN portals via ckan_package_search/package_show/ckan_list_resources, direct REST calls to data.europa.eu, and downloading/reading resource URLs with DuckDB/curl) and to use those metadata and resource contents to decide follow-up queries and actions, so untrusted web-hosted dataset content can materially influence behavior.