ipa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly queries public third‑party endpoints on indicepa.gov.it (e.g., WS16/WS03/WS05/WS20 and the CKAN datastore_search resource_id cdaded04-f84e-4193-a720-47d6d5f422aa) and explicitly parses those responses to decide follow-up calls, build verification URLs, and choose actions, so external untrusted web content can materially influence the agent's behavior.